InterContinental Hotels Group, also known as IHG Hotels & Resorts, has confirmed it has been hit by a cyberattack that has caused its booking systems and mobile apps to fail.
Headquartered in the UK, IHG operates some of the world’s largest hotel chains, including the Holiday Inn, Crown Plaza and Regent hotels. The company operates more than 6,000 hotels in more than 100 countries, including more than 3,000 in the United States, serving more than 150 million guests annually.
In submit a Tuesday With the London Stock Exchange on Tuesday, the company confirmed that “portions of the company’s technology systems have been subject to unauthorized activity.”
IHG declined to confirm the nature of the incident at londonbusinessblog.com’s request, but noted in the filing that “it is working on recovering affected systems,” suggesting a possible ransomware attack – a theory supported by some cybersecurity experts.
It is unclear who was behind the cyber attack and whether and what data was stolen. IHG said in its filing that the cyberattack has “significantly disrupted” booking channels and mobile apps, which have been inoperable since Monday. The hotel chain added that it is working with outside cybersecurity experts.
When reached by email, IHG spokesman Alex O’Neil declined to comment beyond the statement filed with the London Stock Exchange.
In a separate email, IHG spokesperson Amy Shields told londonbusinessblog.com that the incident is unrelated to a recent ransomware attack on an Istanbul-based branch of Holiday Inn, owned by IHG, that was claimed by the LockBit ransomware group. Shields described this attack as an “isolated incident at one of our third-party franchise hotels.”
This is not the first time that IHG has been hit by a cyber attack. The hotel giant said in April 2017 that 1,200 of its hotels were compromised by a three-month cyber attack in 2016, where hackers gained access to credit card details which were then used to make fraudulent payments. IHG agreed to pay more than $1.5 million in 2020 in a class action settlement following the infringement.