The IHG data breach: a valuable lesson for B&Bs
News reports have confirmed that hospitality giant, InterContinental Hotels Group (IHG), recently suffered a serious data breach, with hackers stealing the payment card data from over one-thousand of its properties. Of the 5,000 properties IHG operates worldwide, around 1,175 are thought to have been targeted with malware designed to capture information from the magnetic stripe on guest payment cards.
As with most data breaches, the exact number of people directly affected by the attack is unclear, although IHG is clearly doing all it can to mitigate future instances and minimise brand damage by being fully transparent with the press (and even offering guests a lookup tool designed to help them check whether or not their stay took place during the breach).
IHG’s own investigations discovered that the malware had been running on hotel front desk systems between September 29 and December 29, 2016. Designed to steal data directly from the magnetic stripe of guest payment cards, it’s likely the malicious software was able to expose information such as the cardholder name, sixteen-digit number and expiration date to hackers.
However, with headline-grabbing news constantly vying for our attention in the digital age, it’s easy to forget that the eye is in the detail, and if you dig deeper, you discover that IHG franchise hotels running the group’s Secure Payment Solution (SPS) were not affected by the data breach.
SPS is a point-to-point encrypted payment acceptance solution which enables the safe transportation of guest payment card details. Clearly, it did it’s job in this case, by preventing the malware from accessing the precious personal data it was after.
The lesson for B&B operators is therefore a relatively simple one: if you operate an accommodation business of any kind, it’s vital that you understand the implications of running an insecure payment system. There’s no escaping the fact that we live in a world rife with cyber crime, and businesses must do all they can to protect their customer’s data.
By implementing a PCI DSS compliant payment solution, you’ll ensure your B&B is as prepared as it can be for any form of data breach designed to steal payment card information. Don’t make the IHG mistake!