InterContinental Hotels Group PLC, the owner of hotel brands including Holiday Inn, Crowne Plaza and Regent, has been hit by a cyberattack that resulted in its booking systems being knocked offline.
In a statement filed Sept. 6 with the London Stock Exchange, IHG describes the issue as its technology systems being subject to “unauthorized activity” resulting in its booking channels and other applications being significantly disrupted. IHG stated that it had implemented response plans, notified regulatory authorities and engaged external specialists to investigate the incident.
“IHG is working to fully restore all systems as soon as possible and to assess the nature, extent and impact of the incident,” the filing reads. “We will be supporting hotel owners and operators as part of our response to the ongoing service disruption. IHG’s hotels are still able to operate and to take reservations directly.”
The form of attack was not disclosed, nor does IHG make any reference to data being accessed and stolen. However, the company informing regulatory authorities would suggest that data may have been stolen. If data has been stolen, the breach could be large, with IHG running 6,029 hotels with 882,897 rooms in more than 100 countries. The company also employs 325,000 people.
Although not confirmed by IHG, threat intelligence company Hudson Rock Ltd. said on Twitter that it believes at least 15 IHG employees and 4,030 user accounts on the company’s internal network were compromised.
Although it is pure speculation absent any disclosure from IHG, the fact that the company’s systems were knocked offline would point to a ransomware attack. However, no ransomware gang has claimed responsibility at the time of writing. If ransomware was involved, the odds are high that data was stolen as well.
This is not the first time IHG has been hit by a cyberattack, with 1,200 hotels in the group affected by an intrusion in 2016.
“Financially motivated attackers see hotels as valuable targets due to the vast amount of customer payment card details that they hold,” Chris Vaughan, area vice president of technical account management, EMEA at cybersecurity company Tanium Inc., told SiliconANGLE. “It’s also common to see them leverage hotel loyalty and reward points to fund cyber activities in the criminal underground. There is no doubt that hotels have a target on their back, so their security standards need to be top notch.”
John Gunn, chief executive officer of authentication company Tokenize Inc., commented that “when you consider that IHG generates revenue of about $8 million per day and the average business interruption from a ransomware attack is two to four weeks, you can see where IHG’s losses could quickly surpass $100 million, not to mention the reputational damage.”
“Hanes Brands recently disclosed that they lost $100 million in revenue from a successful ransomware attack,” Gunn added. “This is a trend that will continue as ransomware gangs go after organizations that have the most to lose and will therefore be the most likely to pay a large ransom.”