InterContinental Hotels Group (IHG) has reported a data breach of its payment card processing system. The breach involves malware that infected certain locations between September 29, 2016, and December 29, 2016. The malware lifted customers’ names, credit card numbers, expiration date and the security codes of credit cards used at certain locations during that time frame. A list of affected hotels can be accessed by state here. 

IHG owns Holiday Inn, Holiday Inn Express, Candlewood Suites, Crowne Plaza, Even, Hotel Indigo, HUALUXE Hotels and Resorts, InterContinental, Kimpton Hotels and Resorts, and Staybridge Suites. Any of these brands could be affected by the breach. IHG is urging customers to carefully review their credit card statements for suspicious activity. It has received reports from customers that they have experienced fraudulent charges on cards used at an IHG property.