InterContinental confirms payment card breach at 12 U.S. hotels

(Reuters) - InterContinental Hotels Group Plc on Friday confirmed a data breach from payment cards used at 12 of its hotels in the United States, a little over a month after it said it was investigating claims of a possible breach.

A malware in the servers searched for track data – the cardholder’s name, card number, expiration date and the verification code – on the cards used at the hotels between August and December last year, the company said in a press statement.

InterContinental said only payment cards used at the restaurants and bars of the 12 hotels were affected and that cards used at the front desk of the hotels were not affected.

The affected properties include the InterContinental Chicago Magnificent Mile, the InterContinental San Francisco and Holiday Inn Resort - Aruba, the company said, adding it was still conducting an investigation on its other hotels in the Americas region.

InterContinental did not specify the number of cards affected or if any data had been stolen. A company spokesman declined to comment beyond the press statement.

The company, which owns the Holiday Inn brand, said in late December it had hired cybersecurity firms to investigate claims of a possible payment card breach at some of its U.S. hotels.

InterContinental’s Kimpton Hotels & Restaurants in August had reported a similar malware attack on servers that processed payment cards used at some of its hotels.

The breach follows similar attacks last year at Hyatt Hotels Corp and Starwood Hotels, which is now owned by Marriott International Inc.

InterContinental’s shares closed up 0.5 percent, or 21 cents, at $46.66 on Friday on the New York Stock Exchange.

Reporting by Arunima Banerjee in Bengaluru; Editing by Savio D’Souza