InterContinental Hotels Group (IHG) has warned that the attacks on its retail systems in February were much bigger than it had earlier admitted - affecting 1,200 of its hotels across the US and Puerto Rico, not the handful of hotels that it had suggested at the time.
The attacks may affect customers of Holiday Inn, Crowne Plaza, InterContinental and half-a-dozen or so other major hotel brands.
IHG first told customers that only a 'dozen' US locations had been infected with credit card-stealing malware back in February, but has now come out and admitted that the attack was a lot worse than it first revealed.
IHG has now warned that 1,200 of its hotels were affected by the malware, which grabs data from credit and debit cards, including cardholders' names, credit-card numbers, expiration dates and security codes.
An investigation revealed that the malware had been active at front-desk payment locations at the affected hotels for at least three months, from 29 September and 29 December 2016.
However, "confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017", which means that some hotels might still be at risk.
"The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected hotel server," IHG said in a statement on its website.
"There is no indication that other guest information was affected," it added.
IHG added that many of its franchised hotel locations were not affected by the breach because it had implemented Secure Payment Solution (SPS), a point-to-point encryption payment acceptance solution.
The company advises customers to contact their bank and "remain vigilant" for fraudulent charges.
Last year, Hyatt Hotel guests were also warned of a credit card-related hacking. The hotel admitted that hackers had made off with payment card data from cards used onsite Hyatt-managed locations, primarily at restaurants, between 13 August 2015 and 8 December 2015.
Join Computing in London on 4 May for the Cyber Security Strategy Briefing 2017 for the Financial Sector.
Speakers include Adam Koleda, IT director of insurance firm BPL Global; Peter Agathangelou, associate director of Hamilton Fraser Insurance; and, Dr Kuan Hon, consultant lawyer at law firm Pinsent Masons.
Attendance is free to qualifying IT professionals and IT leaders - register now!
Latest Tesla news: Tesla share price continues to fall after Saudi Arabia's sovereign wealth fund is linked to investment in rival
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
RTX 280 Ti will come with 11GB of fast GDDR6 video RAM with a 352-bit memory bus offering 616Gbps
The scale of jobs lost to automation will be at least as large as those in the first three industrial revolutions
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC