If you’ve experienced trouble logging into your International Hotels Group (IHG) loyalty account recently, it most likely is due to a cyber attack that caused a still-unknown amount of damage. The online hotel booking system was down for some time as a result of the attack, impacting both the mobile app and bookings through the web site.
IHG owns a number of popular brands, with thousands of locations across the world: Holiday Inn, InterContinental, Crowne Plaza and more. The company continues to investigate the incident and has mostly recovered at this point, but experienced an extended service outage into the first half of September that forced some customers to book or modify hotel stays over the phone.
IHG’s hotel booking system offline for days, ransomware suspected (but not confirmed)
IHG hotel loyalty program members began noticing difficulties making reservations toward the end of the first week of September, followed shortly by messages from IHG indicating some sort of problem with the web and app hotel booking systems and that reservations should be handled by phone.
There is no information about the attackers at present, but hotel booking systems have been popular with hackers in recent years due to the wealth of payment information and identity documents they tend to hold. Cyber attacks on hotel loyalty programs are also not uncommon, as accrued customer points can often be exchanged for gift cards that attackers can quickly convert to other funds.
It is still not clear if customer payment information was taken in this incident, but IHG is only a few years removed from a similar cyber attack that breached its hotel booking system. The company ended up paying over a million dollars in a class action lawsuit settlement over stolen credit card information.
IHG keeps tight lid on cyber attack information, but downtime suggests ransomware
IHG has not been forthcoming about exactly what happened to its hotel booking system, with public information thus far mostly coming from a required report to the London Stock Exchange on the incident. However, the extended downtime and the fact that bookings continued by phone even though the online systems were down strongly suggest ransomware. The cyber attack most likely started over the Labor Day vacation weekend in the US, as issues with the booking site and the mobile app began to crop up that Sunday (the 4th of September).
The situation is frustrating to hotel guests and members of the IHG loyalty program, as they still do not have a clear idea of what information might have been stolen by the hackers. IHG has acknowledged that the issues were caused by a cyber attack, but has not yet advised customers of the potential risks or recommended security actions. IHG did reveal that this incident was not connected to a recent ransomware incident involving a single Holiday Inn property located in Istanbul. In the meantime, customers hold out hope that this attack only involved ransomware and was not of the “double extortion” variety that would send their personal data to other criminals or expose it to public viewing on the dark web.