InterContinental Hotels Group (IHG) has disclosed its systems have been breached — again — and that its booking systems and applications have been "significantly disrupted" since Sept. 5.

UK-based IHG operates 17 iconic hospitality brands, including Holiday Inn, Crowne Plaza, and Candlewood Suites. This is the third compromise the massive hotel company has had since 2017.

"IHG is working to fully restore all systems as soon as possible, and to assess the nature, extent, and impact of the incident," explained IHG in a notification of the cyberattack. "We will be supporting hotel owners and operators as part of our response to the ongoing service disruption. IHG's hotels are still able to operate and to take reservations directly."

In the previous attack, the company's point-of-sale systems were compromised, allowing cybercriminals to steal customer credit-card details for guests across 1,200 hotels. Then, in a less sweeping incident, just last month the Holiday Inn in Istanbul was reportedly the victim of a LockBit ransomware attack.

Three Attacks Is a Trend

It's likely the three separate attacks are connected, Justin Vaughan-Brown with Deep Instinct said in an emailed statement. 

"Unfortunately, this is not the first cyberattack that Holiday Inn has experienced, with breaches in 2017 and one last month in Istanbul," Vaughan-Brown noted. "Once cybercriminal groups know that an organization can be breached, it can encourage further attacks."

Some follow-on attacks are simple copycat cybercrimes, while others are carried out for bragging rights — i.e., to demonstrate the ability to pull off the same caper better or faster than the competition, Vaughan-Brown explained.

Hot Hotel Data

Any organization, like a hotel chain, that holds onto massive amounts of valuable, personal data will continue to be a prime target for cyberattacks, Erfan Shadabi, a cybersecurity expert with Comforte AG explained in a statement provided to Dark Reading.

"Consumer-based industries such as travel and entertainment, retail, and financial services definitely apply, as they collect sensitive information on large swathes of their customers and prospects," Shadabi explained. "The reason is simple: threat actors want that data for personal gain."