Holiday Inn Express Hotels in Santa Barbara, Lompoc, Atascadero and Solvang were part of a security breach that affected 1,200 InterContinental Hotels Group locations beginning Sept. 29, 2016, the company announced April 14.
IHG said it hired a cyber security firm to conduct an investigation into the breaches in February, which identified malware intended to access payment card data, and confirmed that it had been removed.
Many IHG-branded locations are independently owned and operated franchises, the company said in a statement, and were informed by payment card networks “of patterns of unauthorized charges occurring on payment cards after they were legitimately used at their locations.”
Data that could have been tracked included cardholder names, card numbers, expiration dates and internal verification codes, it said. IHG informed law enforcement of the breach and is evaluating ways for its franchisees to increase security.
Sixty other locations throughout the state were also affected.
• Contact Marissa Nall at [email protected]