InterContinental Hotels Group (IHG) has confirmed its subsidiary Holiday Inn has been hit by a cyber–attack. More specifically, the firm issued a statement saying it was investigating "unauthorized access" to a number of its technology systems.
The acknowledgment comes two days after the UK–based company's booking channels and other applications were disrupted, preventing many customers from booking accommodations online.
Now, IHG confirmed it is assessing the nature, extent and impact of the incident and is implementing its response plans, which reportedly include the appointment of external specialists to investigate the breach.
"We will be supporting hotel owners and operators as part of our response to the ongoing service disruption," the company's statement reads. "IHG's hotels are still able to operate and to take reservations directly."
Commenting on the news, managing director of EMEA Apricorn Jon Fielding told Infosecurity Magazine that with the details and systems required by an organization such as IHG, having an effective backup strategy in place will make recovery somewhat smoother.
"Organizations should embrace the '3–2–1 rule': have at least three copies of data, on at least two different media, with at least one copy offsite, and with ransomware so prevalent, offline and encrypted," Fielding explained.
"Data should be backed up regularly and automatically where possible to ensure quick recovery and restoration."
At the time of writing, it is uncertain what kind of cyber–attack affected Holiday Inn's systems in the UK, but the events come weeks after a Holiday Inn in Istanbul was breached by LockBit on August 26. The threat actor then released data stolen from the company.
"We don't yet know what happened at IHG, but hotel systems are very complex and often include external suppliers, for example, for heating systems, booking systems, CCTV and much more," Mark Warren, product specialist at Osirium, told Infosecurity Magazine.
According to the security expert, every hotel location depends on a wider range of IT systems, ranging from payment booking to stock control, but many of these facilities typically do not have local IT support.
"That's why it's critical that foundational protections are in place, such as ensuring staff only have the least level of permissions or access needed to get their work done, that external access is tightly controlled and monitored, and user accounts are constantly reviewed and updated as staff join or leave the hotel," Warren concluded.
The attack comes weeks after hackers reportedly stole 20GB of data from a Marriott International hotel.