In what ’ s becoming a familiar refrain to guests , InterContinental Hotels Group , said late last week that payment card systems at more than 1,000 of its hotels had been breached Attack.Databreach . It ’ s the second breach that IHG , a multinational hotel conglomerate that counts Holiday Inn and Crowne Plaza among its chains , has disclosed this year . The company acknowledged in February that a credit card breach Attack.Databreach affected 12 of its hotels and restaurants . In a notice published to its site on Friday the company said a second breach Attack.Databreach occurred at select hotels between Sept. 29 and Dec. 29 last year . IHG says there ’ s no evidence payment card data was accessed Attack.Databreach after that point but can ’ t confirm the malware was eradicated until two to three months later , in February/March 2017 , when it began its investigation around the breach . Like most forms of payment card malware these days , IHG said the variant on their system siphoned track data Attack.Databreach – customers ’ card number , expiration date , and internal verification code – from the magnetic strip of cards as they were routed through affected hotel servers . The hotelier said the first breach Attack.Databreach also stemmed from malware found on servers used to process credit cards , but from August to December 2016 . That breach Attack.Databreach affected hotels , along with bars and restaurants at hotels , such as Michael Jordan ’ s Steak House and Bar at InterContinental Chicago and the Copper Lounge at Intercontinental Los Angeles . IHG didn ’ t state exactly how many properties were affected by the second breach Attack.Databreach but that customers can use a lookup tool the company has posted to its site to search for hotels in select states and cities . IHG gives a timeline for each property and says hotels listed on the tool “ may have been affected. ” A cursory review of hotels in the lookup tool suggests far more than a dozen – more than a thousand – hotels , were affected by the malware . IHG says that since the investigation is ongoing the tool may may be updated periodically . Some properties , for a reason not disclosed , elected to not participate in the investigation , IHG said . While the company operates 5,000 hotels worldwide this most recent breach Attack.Databreach affects mostly U.S.-based chains . One hotel in Puerto Rico , a Holiday Inn Express in San Juan , is the only non-U.S. property that hit by malware this time around , IHG claims . The company said it began implementing a point-to-point encryption payment solution – technology that can reportedly prevent malware from scouring systems for payment card data last fall . The hotels that were hit by this particular strain of malware had not yet implemented the encryption technology , IHG claims . The news comes as an IHG subsidiary , boutique hotel chain Kimpton , is fighting a class action court case that alleges the company failed to take adequate and reasonable measures to protect guests payment card data . The chain said it was investigating a rash of unauthorized charges on cards used at its locations last summer . It eventually confirmed a breach Attack.Databreach in late August that involved cards used from Feb. 16 , 2016 and July 7 , 2016 at nearly all of its restaurants and hotels .

Unfortunately , Yahoo did n't , according to a new internal investigation . The internet pioneer , which reported a massive data breach Attack.Databreach involving 500 million user accounts in September , actually knew an intrusion Attack.Databreach had occurred back in 2014 , but allegedly botched its response . The findings were made in a Yahoo securities exchange filing on Wednesday that offered more details about the 2014 breach , which the company has blamed on a state-sponsored hacker . That breach Attack.Databreach , which only became public last year , involved the theft Attack.Databreach of user account details such as email addresses , telephone numbers , and hashed passwords . After Yahoo went public with it , the company established an independent committee to investigate the matter . The committee found that Yahoo ’ s security team and senior executives actually knew that a state-sponsored actor had hacked certain user accounts back in 2014 , according to the filing . But even as the company took some remedial actions , such as notifying 26 users targeted in the hack and adding new security features , some senior executives allegedly failed to comprehend or investigate the incident further . For instance , in December 2014 , Yahoo 's security team knew the state-sponsored actor had stolen Attack.Databreach copies of backup files that contained users ' personal data . But it 's unclear whether this information was ever `` effectively communicated and understood '' outside the security team , Wednesday 's filing said . No intentional suppression of information was found , although Yahoo 's legal team had enough reason to investigate the breaches further , the committee concluded . `` As a result , the 2014 security Incident was not properly investigated and analyzed at the time , '' the filing said . It was only about two years later when Yahoo publicly disclosed the breach . That came after a stolen database from the company allegedly went up Attack.Databreach for sale on the black market . However , after Yahoo disclosed the breach Attack.Databreach , a few months later , the company learned of an even bigger hack Attack.Databreach that involved 1 billion Yahoo user accounts and further rocked the company 's reputation . That breach Attack.Databreach originally occurred in August 2013 but wasn ’ t noticed until law enforcement provided Yahoo with a copy of the stolen data last November . According to Wednesday 's filing , Yahoo still hasn ’ t learned how this data was stolen Attack.Databreach , although it appears to be separate from the 2014 breach . In addition , the company has been investigating an another incident involving a hacker forging cookies as a way to break into user accounts . Wednesday 's filing said that about 32 million user accounts were affected .

Unfortunately , Yahoo did n't , according to a new internal investigation . The internet pioneer , which reported a massive data breach Attack.Databreach involving 500 million user accounts in September , actually knew an intrusion Attack.Databreach had occurred back in 2014 , but allegedly botched its response . The findings were made in a Yahoo securities exchange filing on Wednesday that offered more details about the 2014 breach , which the company has blamed on a state-sponsored hacker . That breach Attack.Databreach , which only became public last year , involved the theft Attack.Databreach of user account details such as email addresses , telephone numbers , and hashed passwords . After Yahoo went public with it , the company established an independent committee to investigate the matter . The committee found that Yahoo ’ s security team and senior executives actually knew that a state-sponsored actor had hacked certain user accounts back in 2014 , according to the filing . But even as the company took some remedial actions , such as notifying 26 users targeted in the hack and adding new security features , some senior executives allegedly failed to comprehend or investigate the incident further . For instance , in December 2014 , Yahoo 's security team knew the state-sponsored actor had stolen Attack.Databreach copies of backup files that contained users ' personal data . But it 's unclear whether this information was ever `` effectively communicated and understood '' outside the security team , Wednesday 's filing said . No intentional suppression of information was found , although Yahoo 's legal team had enough reason to investigate the breaches further , the committee concluded . `` As a result , the 2014 security Incident was not properly investigated and analyzed at the time , '' the filing said . It was only about two years later when Yahoo publicly disclosed the breach . That came after a stolen database from the company allegedly went up Attack.Databreach for sale on the black market . However , after Yahoo disclosed the breach Attack.Databreach , a few months later , the company learned of an even bigger hack Attack.Databreach that involved 1 billion Yahoo user accounts and further rocked the company 's reputation . That breach Attack.Databreach originally occurred in August 2013 but wasn ’ t noticed until law enforcement provided Yahoo with a copy of the stolen data last November . According to Wednesday 's filing , Yahoo still hasn ’ t learned how this data was stolen Attack.Databreach , although it appears to be separate from the 2014 breach . In addition , the company has been investigating an another incident involving a hacker forging cookies as a way to break into user accounts . Wednesday 's filing said that about 32 million user accounts were affected .