This month IHG became the victim of a cyberattack. The hotel group includes 17 chains and over 6,000 hotels across 100 countries, with brand names like Holiday Inn, Crowne Plaza, and Regent.
Customers suddenly began taking to social media to report problems with check-ins and bookings on IHG’s websites. They were unable to reach any form of customer service, despite claims that they would be able to reach someone by phone for help.
IHG attempted to respond to the public on social media for over 24 hours straight; however, issues were not being resolved and customers were not getting straight answers.
IHG finally came forward to reveal that its systems had been hacked, which took down its booking sites and resulted in internal documents being deleted. Reports claim that over 4,000 customers and 15 employees were affected directly by the hack.
Hacking group TeaPea, from Vietnam, revealed to press and media that they were behind the attack after gaining access to internal emails, servers, and employee Teams chats. They gained access by tricking employees into downloading malicious software sent as an email attachment.
Further reports reveal that the IHG admin password was Qwerty123, an absurdly easy password to guess, which was also available to all 200,000 employees and staff.
The hacking group reported that they had initially begun the attack as ransomware, hoping to profit from releasing the systems. However, because IHG’s internal IT team began to respond to the attack and prevent them from accessing further files, the hacking group turned to wiping out important files instead as retaliation. Services on IHG’s websites were down for over a week.
Rik Ferguson, cybersecurity specialist and vice president of Forescout, said, “the hacker’s change of tactic seems born out of vindictive frustration. They couldn’t make money so they lashed out…”
IHG and the hacking group TeaPea both claim that no customer data was stolen; however, internal corporate data was compromised.
This is not the first cyberattack IHG has faced. One such incident, which the hotel group failed to disclose to the public, occurred in 2016 and led to a $1.5 million class action lawsuit.
Franchisees of Holiday Inn have now filed a lawsuit in Atlanta US District Court against IHG for failing to “adopt reasonable data security measures that would prevent and detect unauthorized access to their highly-sensitive databases”.
Franchisees are required to pay IHG a monthly “technology fee” of $16.40, which has been increasing 2% yearly; however, franchisees feel that this money was not used to protect them and their data.
“…most organizations do not have this level of visibility due to the complexity of their IT environments and the number of different tools that they are using. They can’t fix an issue that they can’t see, so this area is vital. Another important measure that helps to avoid these types of attacks is having the right company culture. This should prioritize cybersecurity and encourage business stakeholders to work regularly in partnership with IT operations and security professionals.” says Chris Vaughan, Technical Account Management for Tanium IT Security.