It seems Six Continents Hotels (InterContinental Hotel Groups) was notified earlier this year by the Secret Service that some of its hotels had suffered a data security breach. One of the hotels IHG subsequently notified was Cities Service (Holiday Inn Express & Suites in Sulphur, Louisiana). IHG alerted them on February 11, 2015.
When Cities Service investigated, they found a malicious email attachment had compromised their payment system and exposed 613 customers’ names, addresses, payment card numbers, and expiration date. The exposure period was October 13, 2014 until February 11, when they contained the breach.
Cities Service said it had no evidence of misuse, but offered those affected credit monitoring and fraud assistance services with IDT911.
From IHG’s web site:
IHG is one of the world’s leading hotel companies
That’s 161 million guests nights per annum, 710,295 rooms in over 4,800 hotels in nearly 100 countries around the world.
Here’s Cities Service’s notification to the New Hampshire Attorney General’s Office, but I’m wondering what the other impacted hotels were, how many there were, and whether we’ll see notifications from them. I don’t recall seeing any others related to this incident so far. You can find a listing of their chains and properties on IHG’s web site. There doesn’t seem to be any notice on their site that I can locate.