(中央社記者顏伶如波特蘭20日專電)洲際飯店集團遭駭事件持續擴大,今年稍早傳出僅北美與加勒比海共計十多家飯店受到影響,但經調查後如今證實,波及層面高達全美共計1200家旗下飯店。
洲際飯店集團(InterContinental Hotels Group)19日發表的最新聲明中坦承,委託知名網路安全機構展開內部調查之後發現,在2016年9月29日至2016年12月29日之間,洲際飯店集團旗下某些飯店櫃台的刷卡裝置,確實遭到惡意程式入侵。
這種惡意程式專門用來竊取消費者的信用卡或簽帳卡個資,洲際飯店集團指出,包括持卡人姓名、卡號、認證密碼以及信用卡有效期限,都可能在顧客刷卡付費時遭竊。
今年2月,洲際飯店集團最早爆發顧客信用卡資料遭駭時,傳出只有北美與加勒比海地區共計12家旗下飯店受到影響,但如今則證實波及層面遠超過當初預期。
根據媒體報導,直到今年3月,洲際飯店集團終於才得以將惡意程式從刷卡系統當中移除。
洲際飯店集團呼籲顧客保持警覺,查看信用卡帳單是否出現可疑的交易,一旦發現未經授權的交易則應立即通報發卡機構。
總部位於英國德納姆(Denham)的洲際飯店集團,旗下飯店品牌包括了假日飯店(Holiday Inn)、皇冠假日飯店(Crowne Plaza)等。
(RTTNews.com) – The data breach at InterContinental Hotels Group Plc (IHG, IHG.L) is much bigger than announced earlier, with almost 1,200 hotels now seen as impacted.
Denham, UK-based InterContinental Hotels, the owner of Holiday Inn, Crowne Plaza, Staybridge Suites and Hotel Indigo, said in early February that it suffered a data breach on twelve of its hotels in the U.S. The company operates more than 5,000 hotels across nearly 100 countries.
The data breach was discovered on December 28, 2016 after clients reported unauthorized, fraudulent charges on cards previously used at a number of U.S. hotels owned by the hotel giant.
While the company did not provide a specific number for how many properties were affected, it has provided a state-by-state lookup tool that shows the Holiday Inn, Intercontinental and Crowne Plaza locations that were affected.
According to research by a Krebs on Security reader, 1,175 properties across the U.S. and Puerto Rico were affected by the data breach. The impacted brands are Holiday Inn, Holiday Inn Express, Holiday Inn Resort, Crown Plaza, Hotel indigo, Candlewood Suites and Staybridge Suites.
According to IHG’s investigation, the malware did not show signs of activity after December 29, but it was also not eradicated from cash registers until March 2017.
According to the hotel chain, the malware searched for track data – cardholder name, card number, expiration date, and internal verification code – read from the magnetic stripe of a payment card as it was being routed through the affected hotel server. However, the company noted that there was no indication that other guest information was affected.