Payment card-stealing malware has struck about 1,200 of InterContinental Hotels Group’s franchisees’ properties affecting popular brands like Holiday Inn, Holiday Inn Express, Hotel Indigo, Crowne Plaza, Candlewood Suites and Daybridge Suites. IT security experts from OwlDetect and ViaSat Europe commented below.
Professor Richard Benham, Security Advisor at Online Service OwlDetect:
“Holidays are after all meant to create happy memories, but this hack has placed customer bank details, email addresses and full contact details at risk. However, there are steps that people can take to mitigate the danger if they think their details could fall into the wrong hands.
“Firstly clear all cookies, saved passwords and personal information saved on your computer, especially any credit card details. Then secondly, change any passwords which might be affected and use a strong alphanumeric code that includes numbers, hashtags and punctuation. It might be harder to remember but the simpler it is, the easier it is to hack.
“Lastly, add Two-Factor Authentication where possible on your email account. This creates an additional safety barrier for your online safety as hackers are not able to gain access to a site without your mobile phone.”
Marc Agnew, Vice President at ViaSat Europe:
“Organisations need to treat cyber-attacks not as a potential threat, but as an operational inevitability. This means that they must ensure all customer data is encrypted, not just passwords and card details, therefore rendering any stolen data essentially worthless to cyber-criminals.
Inadequately protected customer data can create massive problems for enterprises and consumers alike, so reacting to an attack appropriately and swiftly is vital. From isolating and identifying the origin of an attack; to taking stock of what has been stolen or affected; and making sure those who have been put at risk are notified and protected as soon as possible, in the event of a breach, response times and action plans are of the critical importance.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.