https://krebsonsecurity.com/2017/04/intercontinental-hotel-chain-breach-expands/
"Headquartered in Denham, U.K., IHG operates more than 5,000 hotels across nearly 100 countries. The company’s dozen brands include Holiday Inn, Holiday Inn Express, InterContinental, Kimpton Hotels, and Crowne Plaza.
According to a statement released by IHG, the investigation “identified signs of the operation of malware designed to access payment card data from cards used onsite at front desks at certain IHG-branded franchise hotel locations between September 29, 2016 and December 29, 2016.”
IHG didn’t say how many properties total were affected, although it has published a state-by-state lookup tool available here. I counted 28 in my hometown state of Virginia alone, California more than double that; Alabama almost the same number as Virginia. So north of 1,000 locations nationwide seems very likely.
IHG has been offering its franchised properties a free examination by an outside computer forensic team hired to look for signs of the same malware infestation known to have hit other properties. But not all property owners have been anxious to take the company up on that offer. As a consequence, there may be more breached hotel locations yet to be added to the state lookup tool."
IHG's statement:
https://www.ihg.com/content/us/en/customer-care/protecting-our-guests/property-listing