HACKED: IHG admits it has been under an ongoing cyber attack since Sunday

The IHG website was down on Sunday evening and all of Monday, and even now as I write is not actually functional.

It was passed off as maintenance, but it is now clear that IHG has been the victim of a major hacking attack.

Whilst IHG has not sent any information to IHG One Rewards members, it has been required to put out a statement for regulatory reasons.

IHG said during Tuesday:

InterContinental Hotels Group PLC (IHG or the Company) reports that parts of the Company’s technology systems have been subject to unauthorised activity. IHG’s booking channels and other applications have been significantly disrupted since yesterday, and this is ongoing.

IHG has implemented its response plans, is notifying relevant regulatory authorities and is working closely with its technology suppliers. External specialists have also been engaged to investigate the incident.

IHG is working to fully restore all systems as soon as possible and to assess the nature, extent and impact of the incident. We will be supporting hotel owners and operators as part of our response to the ongoing service disruption. IHG’s hotels are still able to operate and to take reservations directly.

A further update will be provided as and when appropriate.

The original statement is here.

As of Tuesday evening, when I am typing this, the website is up but not functional. A message at the top of the page says:

A message to our guests: At this time, you may have challenges booking a new reservation, accessing information about your upcoming reservations and accessing your IHG One Rewards account.  We’re working to restore all service as soon as possible. If you have an urgent request for an upcoming stay or need to make an urgent reservation, you can call the hotel directly to make, amend or cancel a booking. Thank you for your patience.

This is, clearly, a major issue for IHG. Hotels have lost 2-3 days of bookings, with perhaps more to come. There will undoubtedly be members who could not cancel reservations and will face penalties. It also appears that hotels cannot see the status level of arriving guests.

By the time you read this on Wednesday functionality may be restored. We now need to see what has been stolen in terms of credit card data, passport data, email addresses etc. If any sensitive data has been taken, the legal settlement in the EU alone is likely to be £100 million to £200 million, given pre-pandemic settlements made by British Airways and Marriott for similar breaches.

---

IHG One Rewards update – April 2024:

Get bonus points: IHG One Rewards is offering 2,000 bonus points for every two cash nights you stay (not necessarily consecutive) between 1st April and 31st May 2024. You can read our full article here and you can register here.

New to IHG One Rewards?  Read our overview of IHG One Rewards here and our article on points expiry rules here. Our article on ‘What are IHG One Rewards points worth?’ is here.

Buy points: If you need additional IHG One Rewards points, you can buy them here.

Want to earn more hotel points?  Click here to see our complete list of promotions from IHG and the other major hotel chains or use the ‘Hotel Offers’ link in the menu bar at the top of the page.