I'm always looking forward to my next planned vacation. Traveling to a new city and experiencing the local cuisine and culture is exciting.
The last thing you want to worry about during a trip is the security of your credit or debit cards. Unfortunately, that's the position millions of travelers have just been put in. A major hotel chain just confirmed a massive breach that may have put your banking information into the hands of cybercriminals.
Which hotels were impacted?
We're talking about the InterContinental Hotels Group (IHG). It's the parent company for over 5,000 hotels all over the world. They include Holiday Inn, Holiday Inn Express, InterContinental, Crowne Plaza, Staybridge Suites, Kimpton Hotels, Even Hotels, and Hotel Indigo.
Over 1,200 IHG branded franchise hotel locations across the U.S. and Puerto Rico have been hit with payment card stealing malware. Anyone who stayed at an affected property between September 29, 2016, and December 29, 2016, potentially had their payment information stolen.
However, the company didn't confirm that the malware was removed from its payment system until March 2017. So, in reality, the breach was most likely ongoing through this March.
Stolen information included the cardholder's name, card number, expiration date and internal verification code. The malware stole this data from the card's magnetic strip as it was being routed through the impacted hotel's server. IHG said the number of affected customers is unknown.
If you traveled over the impacted time-frame, you can find out if the hotel you stayed at was part of the breach. Click here to visit a page of property listings set-up by IHG that lets you search for your hotel. Once there, select the country in which you stayed, then the state/province, then the city.
After entering this information, affected properties in the selected city appear. If the hotel you visited is on the list, your financial data may have been stolen.
IHG is telling affected customers to look over their bank statements dating back to September 2016. If you find unauthorized transactions, you need to report them to your bank ASAP.
Beyond that, you need to follow some other security procedures. Anytime there is a massive breach like this, it's a good idea to follow these suggestions:
How to protect your accounts after a data breach
- Keep an eye on your bank accounts - You should be frequently checking your bank statements, looking for suspicious activity. If you see any transactions that you don't recognize, report it immediately.
- Set up two-factor authentication - Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID. Click here to learn how to set up two-factor authentication.
- Investigate your email address - Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
- Change your password - Whenever you hear news of a data breach, it's a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
- Close unused accounts - Here's an easy way to manage all of your online accounts at once.
- Beware of phishing scams - Scammers will try and piggyback on huge breaches like this. They will create phishing emails, pretending to be from one of the affected hotels, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
- Manage passwords - Many people use the same username and password on multiple sites. This is a terrible practice and you should never do it. If you're using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.