1,200+ hotel chain locations affected by hack

A Holiday Inn sign is shown Monday, Nov. 10, 2008 in New York. (AP Photo/Mark Lennihan)

GRAND RAPIDS, Mich. (WOOD) — A hotel chain is warning customers after it was discovered that more than 1,200 of its locations were infected with malware, including eight hotels in West Michigan.

InterContinental Hotels Group, which includes Holiday Inn, said an investigation revealed malware designed to access payment card data from cards used at front desk cash registers between Sept. 29, 2016 and Dec. 29, 2016.

The malware searched for data read from the magnetic stripe of credit and debit cards. That data could include the cardholder’s name, card number, expiration date and internal verification code, the company said.

IHG is advising customers to review their credit and debit card statements for any unauthorized payments and immediately report it to their card company.


Grand Rapids attorney Christian Krupp says you may not even realize your credit or debit card has been hacked for a while.

“A lot of times they will be smart about it. They will get the information, they hold back for a while and then they slowly start trickling it out to avoid detection,” Krupp said.

He says that means you may not see a suspicious transaction for a year because criminals know it will be more obvious if they buy more things all at once.

Krupp says in cases like the IHG breach it can be difficult for victims to prove in a lawsuit.

“Somebody could have gotten that information from your garbage can. They could have gotten it from, you know, 50 different sources,” Krupp said.

He says it’s nearly impossible to prove that one transaction is the direct result of a breach because you may have given your information to multiple organizations over a period of time.

Experts say report any suspicious transactions to your card company.

“They are getting pretty savvy as far as nipping at before it gets to a serious problem which is good for them,” Krupp said.

Grand Valley State University Associate Director of Academic Services John Klein, who also works in IT, says it’s about being smarter than the hackers by making it more difficult to gain access to online accounts.

“When you have your online transactions, your credit card transactions and everything else different passwords, or we like to say passphrases, for different things. Not just a single word but multiple words strung together,” Klein said.

But in cases like this, the responsibility may fall with the companies to tighten security.


Customers can search for hotel locations affected by the malware on the company’s website.

According to IHG’s state-by-state lookup page, the following eight West Michigan Holiday Inn locations were affected:

  • Battle Creek
    12812 Harper Village Drive
    Sept. 29, 2016 through Dec. 29, 2016
  • Grand Rapids
    5401 28th Street Court SE
    Sept. 29, 2016 through Oct. 20, 2016
  • Kalamazoo
    3630 East Cork Street
    Sept. 29, 2016 through Dec. 28, 2016
  • Ludington
    4079 West US-10
    Sept. 29, 2016 through Dec. 7, 2016
  • Muskegon
    939 Third Street
    Sept. 29, 2016 through Dec. 29, 2016
  • Niles
    1000 Moore Drive
    Sept. 29, 2016 through Dec. 29, 2016
  • Oshtemo Township
    2747 South Eleventh Street
    Sept. 29, 2016 through Dec. 29, 2016
  • South Haven
    1741 Phoenix Road
    Sept. 29, 2016 through Dec. 29, 2016



InterContinental Hotels Group data breach