Intercontinental Hotels Group (IHG) Confirmed Victim of Cyber Attack

In a filing with the London Stock Exchange on Tuesday, Holiday Inn owner, Intercontinental Hotels Group (IHG), confirmed it was the subject of a cyber attack, “InterContinental Hotels Group PLC (IHG or the Company) reports that parts of the Company's technology systems have been subject to unauthorized activity.”

IHG is a British multinational company that currently operates 6,028 hotels in more than 100 countries, including Holiday Inn, Crowne Plaza, Regent and many others. The UK-based company said its "booking channels and other applications" had been disrupted since Monday.

The company has not confirmed whether this is a ransomware attack but stated "IHG's booking channels and other applications have been significantly disrupted since yesterday, and this is ongoing."

Researchers on Twitter noted that the LockBit ransomware operation claimed an attack on an Istanbul-based branch of Holiday Inn just last month. Chris Vaughan, AVP of Technical Account Management, EMEA, Tanium weighed in on this latest news.

“This is the latest high-profile attack to impact the hotel sector which has been increasingly targeted in recent times. Financially motivated attackers see hotels as valuable targets due to the vast amount of customer payment card details that they hold. It’s also common to see them leverage hotel loyalty and reward points to fund cyber activities in the criminal underground. There is no doubt that hotels have a target on their back, so their security standards need to be top notch.

This is the second high profile attack on IHG since 2017 when the company experienced a security breach that caused disruption for three months, so it raises the question of whether security processes were adequately updated following the previous attack. As IHG grapples with this latest incident, it needs to analyze all the devices connected to the corporate network to find any problematic ones and then take appropriate action to mitigate any further risk. This could include rolling out a patch or removing certain devices from the network. The problem is, most organizations do not have this level of visibility due to the complexity of their IT environments and the number of different tools that they are using. They can’t fix an issue that they can’t see, so this area is vital.

Another important measure that helps to avoid these types of attacks is having the right company culture. This should prioritize cybersecurity and encourage business stakeholders to work regularly in partnership with IT operations and security professionals. You can’t always stop a sophisticated cyber-attack, but by working together to maintain a good standard of IT hygiene and establishing effective employee awareness training you can certainly make it more difficult for the attackers to be successful.”


###