IHG ‘Unauthorized Access’, Systems Down

IHG has announced that parts of the company’s technology systems have been subject to ‘unauthorised activity’. It appears this activity has been occurring since Sunday, when the systems went down. Originally IHG was saying that this was due to scheduled maintenance, but that is no longer the case, with the following statement being provided:

InterContinental Hotels Group PLC (IHG or the Company) reports that parts of the Company’s technology systems have been subject to unauthorised activity. IHG’s booking channels and other applications have been significantly disrupted since yesterday, and this is ongoing.

IHG has implemented its response plans, is notifying relevant regulatory authorities and is working closely with its technology suppliers. External specialists have also been engaged to investigate the incident.

IHG is working to fully restore all systems as soon as possible and to assess the nature, extent and impact of the incident. We will be supporting hotel owners and operators as part of our response to the ongoing service disruption. IHG’s hotels are still able to operate and to take reservations directly.

A further update will be provided as and when appropriate.

It’s unclear what personal information or other data has been accessed at this stage. 1,175 IHG properties suffered a payment terminal data breach in 2017, and in the end a class action lawsuit was settled for $1.55 million. I’ve long stated that until the penalties increase for data breaches, they will continue to occur at alarming rates.

View Comments (18)

  • I got a fraud email today using my first and last name in the subject line. It purports to be a receipt for something expensive, and has a number for me to call if any questions. The 0 and 1 in the number are "O" and "I".

    The fraud email was sent to the email account that I only use for IHG.

    Has IHG confirmed they were hacked? Seems clear to me.

  • Time for IHG to start implementing and frequently verifying GRC (governance, risk management, and compliance). PCI compliance, NIST framework, and CIS benchmarks. At minimum have account IT best practices such as ZTA (zero trust architecture), IAM (Identity Access Management), AAA (authentication, authorization, accounting), MFA (multiple factor authorization), and XDR. They should investigate their CI/CD pipeline and DevSecOps framework as well. Basic security practices in any sustainable business. Common sense is not that common.

    • Lol it's funny you wasted your time blabbering out all these buzzwords knowing IHG is probably never going to read this. I wouldn't trust you implementing/validating all this for me.

  • Unauthorized access? What does that mean? Did someone book an overwater villa at the Intercontinental Bora Bora Thalasso on points?

  • They should forcibly reset every customer's passwords, and that'll get rid of the last of the people who STILL haven't updated from their 4-digit PIN, but feel like "sharing" with the rest of us about how bad they think it is.

      • Read it again. I said they should take this opportunity (the breach) to reset every customer's PINs, (idiot)

    • Why not just require 10 passwords, each of which requires 10 upper cases and 10 lower cases along with 10 different symbols, if you have a problem with a 4-digit PIN?