IHG Hotels Hacked, Systems Down

Several readers asked me yesterday what to make of IHG hotels’ systems being down. I figured “it’s just poor IT” and things will return to normal eventually. That remains true, but the hotel giant acknowledges they’ve been hacked.

InterContinental Hotels Group (NYSE: IHG) reports that parts of the Company’s technology systems have been subject to unauthorised activity. IHG’s booking channels and other applications have been significantly disrupted since yesterday, and this is ongoing.

IHG has implemented its response plans, is notifying relevant regulatory authorities and is working closely with its technology suppliers. External specialists have also been engaged to investigate the incident.

IHG is working to fully restore all systems as soon as possible and to assess the nature, extent and impact of the incident. We will be supporting hotel owners and operators as part of our response to the ongoing service disruption. IHG’s hotels are still able to operate and to take reservations directly.

Meanwhile hotels are losing two days of ‘book direct’ business. It appears they may be close to restoring the site, though, because instead of a notice of ‘planned downtime’ they will let you search for reservations. As I write this, however, searching for hotels does not reveal any results.

It is not yet clear what information was taken in the hack, if any, or the extent of any other damage such as data that cannot be recovered.

About Gary Leff

Gary Leff is one of the foremost experts in the field of miles, points, and frequent business travel - a topic he has covered since 2002. Co-founder of frequent flyer community InsideFlyer.com, emcee of the Freddie Awards, and named one of the "World's Top Travel Experts" by Condé Nast Traveler (2010-Present) Gary has been a guest on most major news media, profiled in several top print publications, and published broadly on the topic of consumer loyalty.

Comments

  1. The website has to be the worst ever in hotel history along with their customer service
    The website has had bugs for the past year or longer
    Of course there is no one to escalate to as IHG doesn’t really exist. Its agents are working at home from their farms and you can hear animals in the background as you speak to them on the phone. It would be comical if the company wasn’t so sad
    Corporate hides in a bunker somewhere in the South with unlisted numbers
    Like a number of their hotels but they are a cluster F professionally
    This is a company where greed overrules proper CRM and long term retention of premium customers as a result suffers. It’s a fight to get anything accomplished with them
    The new Radisson Americas may actually be worse if that’s possible, time will tell

  2. @dwondermeant – I can confirm that I have heard a rooster crowing the last time I spoke to IHG customer service. I believe they were in the Philippines!

    But you can always use Twitter to reach them and do some simple things and the hotels are fine as we had two stays recently, the Intercontinental Lisbon and the Holiday Inn Lisbon Continental – both great properties and awesome treatment for this Ambassador Diamond!

  3. I guess we’ll find out, but I’m curious if this is “just” their website, or if any backend systems containing PII (i.e. billing, CRM, etc.) are impacted. Considering they didn’t even let users use passwords until the past couple years, I’m guessing they are rolling with some pretty ancient junk.

    Good luck to their IT department on this.

  4. I have a reservation next week for 4 days and called the local hotel. They were able to view my reservation and confirm I am staying on points. We stay at this hotel frequently and they were, as always, polite and helpful.

  5. Backend systems are not impacted. If they were, GDPR would have forced them to disclose. Furthermore, “IT department” installs Microsoft Office. Engineering owns production services and the maintenance and security thereof.

  6. Timing seems v coincidental. Last week I received an email from IHG informing me my email address was changed. And couldn’t log in anymore. I had a v complex password, no other account issues anywhere etc. IHG resolved it in a call, and for some reason, I shared with them that I thought the issue was on their side. Agree with others re IHG having the most liberal security requirements for user account management

  7. IHG has the worst IT of any hotel chain. It has been this way for about 6-7 years. Any time they run a promo, the IT barely supports it. I feel that this “hack” should have been expected because IHG has not invested in their IT for at least a decade.

  8. Hackers didn’t use a 4-digit PIN to get access to IHG’s server; please stop thinking that a longer password is safer.

  9. I’m a Platinum person at IHG and have always resented being forced to use my email address or 4-digit # to sign in. And the default is ‘save it’. This really annoys me, and now I suppose my email address is in the control of the bad guys. I don’t understand why IHG corporate is so lame in so many ways. Many of their hotels are lovely, the HIX properties are usually top-notch and I adore the Crowne Plazas & InterContinentals. IHG needs to take some lessons from Hilton on how to treat your best customers … not to mention taking the security of our information seriously.

  10. “Ex-UA Plat says:
    September 6, 2022 at 12:12 pm
    Wonder if they’ll finally get rid of the 4-digit PIN as password?”

    A few months ago I was required to create a longer and more secure password in order to sign in. I do not know if all other IHG members were required to create a stronger password.

    The site has been down three days, for me. However, I read it has been down two days. I can count fairly well. What is the point in trying to shorten the length of time the site has been inoperable?

    I hope all gets repaired soon.

  11. @huey judy

    Using an email as a sign-on identifier is customary for on-line businesses. How else would they send you a confirmation? Now if the hackers were able to access credit card payment info, that is the big issue. Because if they have all of your info: CC#, expiration date, zip code and CVV codes, then the hackers can sell the CC info. Your email isn’t necessary for hacking your CC. Your email isn’t that valuable, as it has probably been on the dark web for at least 10 years. If you are so worried about your email, then change your email’s password

  12. I have never had a problem with IHG, I have both cards and enjoy the free nights and upgrades.
    Holiday Inn Express, Staybridge Suites and Intercontinental Hotels have been pleasant stays.

  13. Today it took 1.5 hours & three different browsers to book rewards nights from two different accounts and another night using points. Interestingly, when trying to book the points night I was first shown 22K points, then 24K points, then the one that finally went through was 20K points – go figure.
