Holiday Inn owner Intercontinental Hotels Group (IHG) has confirmed that a cyberattack has hit the company. IHG manages 17 hotel companies comprising over 6,000 properties across 100 countries.


According to IHG, the company is investigating “unauthorized access” to several of its technology systems. The UK-based company said its “booking channels and other applications” had been disrupted since Monday. 


“We’re working to restore all systems asap, and IHG hotels can take reservations,” the company said in its Twitter feed. 

In a statement, IHG said it had implemented its incident response plans and notified relevant regulatory authorities. External specialists have also been engaged to assist in investigating the incident. 


According to Forbes, attempts to book a room online via the IHG, Kimpton and Holiday Inn websites were unsuccessful. “The group’s sites carried the following banner announcement: ‘At this time, you may have challenges booking a new reservation, accessing information about your upcoming reservations and accessing your IHG One Rewards account. We’re working to restore all service as soon as possible.’ The message went on to recommend that travelers call individual hotels directly to make reservations,” Forbes reports.


Erfan Shadabi, a cybersecurity expert with data security specialists comforte AG, says, “Any enterprise possessing highly valuable data will continue to be a target, even if it has sustained previous cyberattacks, like the 2017 hack on Holiday Inn card payment systems and the August 2022 attack on Holiday Inn in Istanbul which was breached by LockBit.”


According to Shadabi, consumer-based industries such as travel and entertainment, retail, and financial services apply as they collect sensitive information on large swathes of their customers and prospects. “The reason is simple: threat actors want that data for personal gain. Whether the dataset contains thousands or millions of data subjects, complete with sensitive PII that can be used to initiate identity theft or other fraud, or whether it contains less volume but more substantive information, meaning something that can hold up operations and be used as leverage (think ransomware attacks on infrastructure companies), the fact of the matter is that if the organization gathers and stores sensitive information, [threat actors] want it,” Shadabi explains.