IHR
Company Details
Linkedin ID:
ihghotels&resorts
Website:
Employees number:
19,073
Number of followers:
1,606,796
NAICS:
7211
Industry Type:
Homepage:
ihgplc.com
IP Addresses:
3
Company ID:
IHG_3304044
Scan Status:
Completed
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
IHG Hotels & Resorts Vendor Cyber Rating & Cyber Score
ihgplc.comIHG Hotels & Resorts [LON:IHG, NYSE:IHG (ADRs)] is a global hospitality company, with a purpose to provide True Hospitality for Good. With a family of 19 hotel brands and IHG One Rewards, one of the world's largest hotel loyalty programmes, IHG has over 6,300 open hotels in more than 100 countries, and a development pipeline of over 2,000 properties. Luxury & Lifestyle: Six Senses Hotels Resorts Spas, Regent Hotels & Resorts, InterContinental Hotels & Resorts, Vignette Collection, Kimpton Hotels & Restaurants, Hotel Indigo Premium: voco hotels, HUALUXE Hotels & Resorts, Crowne Plaza Hotels & Resorts, EVEN Hotels Essentials: Holiday Inn Express, Holiday Inn Hotels & Resorts, Garner hotels, avid hotels Suites: Atwell Suites, Staybridge Suites, Holiday Inn Club Vacations, Candlewood Suites Exclusive Partners: Iberostar Beachfront Resorts InterContinental Hotels Group PLC is the Group's holding company and is incorporated and registered in England and Wales. Approximately 345,000 people work across IHG's hotels and corporate offices globally. Visit us online for more about our hotels and reservations and IHG One Rewards. To download the IHG One Rewards app, visit the Apple App or Google Play stores.
IHG Hotels & Resorts A.I CyberSecurity Scoring
IHR Risk Score (AI oriented)Between 750 and 799
IHR
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
IHR Global Score (TPRM)XXXX
IHR
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
IHR Company CyberSecurity News & History
Past Incidents
3
Attack Types
2
IHG Hotels & Resorts
Cyber Attack
Rankiteo Explanation
Attack threatening the organization's existence
Description: InterContinental Hotels Group PLC was targeted in a cyberattack that knocked its booking systems offline. An unauthorized activity created technical issues and resulted in its booking channels and other applications being significantly disrupted. IHG immediately implemented response plans, notified regulatory authorities and engaged external specialists to investigate the incident.
Six Continents Hotels, Inc.
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving InterContinental Hotels Group on April 14, 2017. The breach occurred between September 29, 2016, and December 29, 2016, due to malware accessing payment card data at certain franchise locations in the Americas. The number of affected individuals is currently unknown, and specific types of information compromised might include cardholder names, card numbers, expiration dates, and security codes.
InterContinental Hotels Group
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: On February 3, 2017, the California Office of the Attorney General reported that Six Continents Hotels, Inc. (doing business as InterContinental Hotels Group - IHG) experienced a data breach affecting guests' payment card data at 12 properties. The breach involved malware installed on servers processing payment cards used at restaurants and bars from August 1, 2016, to December 20, 2016, but left front-desk card transactions unaffected; specific numbers of affected individuals are currently unknown.
IHR Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for IHR
Incidents vs Hospitality Industry Average (This Year)
No incidents recorded for IHG Hotels & Resorts in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for IHG Hotels & Resorts in 2026.
Incident Types IHR vs Hospitality Industry Avg (This Year)
No incidents recorded for IHG Hotels & Resorts in 2026.
Incident History — IHR (X = Date, Y = Severity)
IHR cyber incidents detection timeline including parent company and subsidiaries
IHR Company Subsidiaries
IHG Hotels & Resorts [LON:IHG, NYSE:IHG (ADRs)] is a global hospitality company, with a purpose to provide True Hospitality for Good. With a family of 19 hotel brands and IHG One Rewards, one of the world's largest hotel loyalty programmes, IHG has over 6,300 open hotels in more than 100 countries, and a development pipeline of over 2,000 properties. Luxury & Lifestyle: Six Senses Hotels Resorts Spas, Regent Hotels & Resorts, InterContinental Hotels & Resorts, Vignette Collection, Kimpton Hotels & Restaurants, Hotel Indigo Premium: voco hotels, HUALUXE Hotels & Resorts, Crowne Plaza Hotels & Resorts, EVEN Hotels Essentials: Holiday Inn Express, Holiday Inn Hotels & Resorts, Garner hotels, avid hotels Suites: Atwell Suites, Staybridge Suites, Holiday Inn Club Vacations, Candlewood Suites Exclusive Partners: Iberostar Beachfront Resorts InterContinental Hotels Group PLC is the Group's holding company and is incorporated and registered in England and Wales. Approximately 345,000 people work across IHG's hotels and corporate offices globally. Visit us online for more about our hotels and reservations and IHG One Rewards. To download the IHG One Rewards app, visit the Apple App or Google Play stores.
Loading...
IHR Similar Companies
Marriott International
Marriott International, Inc. is based in Bethesda, Maryland, USA, and encompasses a portfolio of approximately 9,000 properties across more than 30 leading brands in 141 countries and territories. Its heritage can be traced to a root beer stand opened in Washington, D.C., in 1927 by J. Willard and
Kempinski Hotels
Founded in Germany in 1897, Kempinski Hotels has long reflected the finest traditions of European hospitality. Today, as ever, Kempinski is synonymous with distinctive luxury. Located in many of the world's most well-known cities and resorts, the Kempinski collection includes hotels in a grand mann
Mandarin Oriental
Mandarin Oriental Hotel Group is the award-winning owner and operator of some of the world’s most luxurious hotels, resorts and residences. Having grown from its Asian roots into a global brand, the Group now operates 43 hotels, 12 residences and 23 exclusive homes in 26 countries and territories, w
Travel + Leisure Co.
Travel + Leisure Co., the world's leading vacation ownership and membership travel company, provides more than six million vacations to travelers every year. The company’s extensive Vacation Ownership portfolio includes trusted and iconic vacation club brands with a combined 270+ resorts worldwide,
Caesars Entertainment
Caesars Entertainment, Inc. is the largest casino-entertainment Company in the U.S. and one of the world's most diversified casino-entertainment providers. Since its beginning in Reno, NV, in 1937, Caesars Entertainment, Inc. has grown through development of new resorts, expansions and acquisitions.
Kerzner International
Kerzner International has built a diverse collection of iconic brands and luxury properties, earning international acclaim for pioneering destination-defining hospitality, delivering unrivalled service, and curating transformative guest experiences. We are renowned for creating hospitality brands
Hilton (NYSE: HLT) is a leading global hospitality company with a portfolio of 24 world-class brands comprising more than 8,400 properties and over 1.25 million rooms, in 140 countries and territories. Dedicated to fulfilling its founding vision to fill the earth with the light and warmth of hospita
Aramark (NYSE: ARMK) proudly serves the world’s leading educational institutions, Fortune 500 companies, world champion sports teams, prominent healthcare providers, iconic destinations and cultural attractions, and numerous municipalities in 16 countries around the world with food and facilities ma
Landry's
Landry's is a multinational, diversified restaurant, hospitality, gaming, and entertainment leader based in Houston, Texas. The company operates more than 600 establishments around the world, including well-known concepts, such as Landry’s Seafood House, Bubba Gump Shrimp Co., Rainforest Cafe, Mo
.png)
IHR CyberSecurity News
March 21, 2026 10:00 PM
A hotel room in Dubai for £39: Gulf states count the cost of war
Elie Maalouf knows more about conflict than any global hotel boss. When he was a child growing up in Beirut, his family fled Lebanon to...
March 21, 2026 07:48 PM
InterContinental Hotels (ADR) stock faces pressure amid luxury market overcrowding and US RevPAR gai
InterContinental Hotels (ADR) stock, ISIN: GB00BHJYC057, tracks recent US hotel market shifts with luxury overcrowding risks offsetting...
March 21, 2026 06:32 AM
IHG accelerates growth across Mexico with new openings and pipeline
The company has a further 62 hotels with 8600 rooms in development, reflecting strong demand across its Luxury & Lifestyle, Premium, Essentials and Suites...
March 20, 2026 12:27 PM
InterContinental Hotels Group (NYSE: IHG) details March 2026 share buybacks
InterContinental Hotels Group PLC repurchased and plans to cancel shares bought in March 2026 via Goldman Sachs International,...
March 20, 2026 12:15 PM
IHG Targets Rapid Growth in Mexico with Plans to Double Its Hotel Portfolio
IHG Hotels & Resorts, one of the world's foremost hospitality companies, is continuing to strengthen its foothold in Mexico, which ranks as...
March 20, 2026 07:10 AM
IHG plans to cancel 76,481 shares bought on the London exchange
InterContinental Hotels Group (LSE: IHG) purchased 76,481 ordinary shares on 19 March 2026 through Goldman Sachs International under its...
March 19, 2026 06:11 PM
Palm Springs’ Riviera resort has lost millions, owners say in lawsuit
The owners of the Riviera hotel in Palm Springs say they were misled about how profitable the hotel was and have lost millions since buying...
March 19, 2026 06:01 PM
IHG Hotels & Resorts Expands in Mexico with Growth Strategy, Adding Hotels Across Luxury, Midscale and Premium Brands to Capitalize on Tourism Potential
IHG Hotels & Resorts strengthens its position in Mexico with a robust growth strategy, adding luxury, midscale and premium hotels to tap...
March 19, 2026 04:04 PM
How Intercontinental Hotels Group American Depositary Shares (each Representing One) (IHG) Affects Rotational Strategy Timing
Price-action only: Intercontinental Hotels Group American Depositary Shares (each Representing One) (IHG) movements set the tone for...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
IHR CyberSecurity History Information
Official Website of IHG Hotels & Resorts
The official website of IHG Hotels & Resorts is http://www.ihgplc.com.
IHG Hotels & Resorts’s AI-Generated Cybersecurity Score
According to Rankiteo, IHG Hotels & Resorts’s AI-generated cybersecurity score is 796, reflecting their Fair security posture.
How many security badges does IHG Hotels & Resorts’ have ?
According to Rankiteo, IHG Hotels & Resorts currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has IHG Hotels & Resorts been affected by any supply chain cyber incidents ?
According to Rankiteo, IHG Hotels & Resorts has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does IHG Hotels & Resorts have SOC 2 Type 1 certification ?
According to Rankiteo, IHG Hotels & Resorts is not certified under SOC 2 Type 1.
Does IHG Hotels & Resorts have SOC 2 Type 2 certification ?
According to Rankiteo, IHG Hotels & Resorts does not hold a SOC 2 Type 2 certification.
Does IHG Hotels & Resorts comply with GDPR ?
According to Rankiteo, IHG Hotels & Resorts is not listed as GDPR compliant.
Does IHG Hotels & Resorts have PCI DSS certification ?
According to Rankiteo, IHG Hotels & Resorts does not currently maintain PCI DSS compliance.
Does IHG Hotels & Resorts comply with HIPAA ?
According to Rankiteo, IHG Hotels & Resorts is not compliant with HIPAA regulations.
Does IHG Hotels & Resorts have ISO 27001 certification ?
According to Rankiteo,IHG Hotels & Resorts is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of IHG Hotels & Resorts
IHG Hotels & Resorts operates primarily in the Hospitality industry.
Number of Employees at IHG Hotels & Resorts
IHG Hotels & Resorts employs approximately 19,073 people worldwide.
Subsidiaries Owned by IHG Hotels & Resorts
IHG Hotels & Resorts presently has no subsidiaries across any sectors.
IHG Hotels & Resorts’s LinkedIn Followers
IHG Hotels & Resorts’s official LinkedIn profile has approximately 1,606,796 followers.
NAICS Classification of IHG Hotels & Resorts
IHG Hotels & Resorts is classified under the NAICS code 7211, which corresponds to Traveler Accommodation.
IHG Hotels & Resorts’s Presence on Crunchbase
No, IHG Hotels & Resorts does not have a profile on Crunchbase.
IHG Hotels & Resorts’s Presence on LinkedIn
Yes, IHG Hotels & Resorts maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ihghotels&resorts.
Cybersecurity Incidents Involving IHG Hotels & Resorts
As of April 04, 2026, Rankiteo reports that IHG Hotels & Resorts has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
IHG Hotels & Resorts has an estimated 14,067 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at IHG Hotels & Resorts ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Cyber Attack.
Incident Details
Can you provide details on each incident ?
Title: Cyberattack on InterContinental Hotels Group PLC
Description: InterContinental Hotels Group PLC was targeted in a cyberattack that knocked its booking systems offline. An unauthorized activity created technical issues and resulted in its booking channels and other applications being significantly disrupted.
Type: Cyberattack
Title: InterContinental Hotels Group Data Breach
Description: A data breach affecting guests' payment card data at 12 properties of InterContinental Hotels Group (IHG). Malware was installed on servers processing payment cards used at restaurants and bars from August 1, 2016, to December 20, 2016, but front-desk card transactions were unaffected.
Date Detected: 2017-02-03
Date Publicly Disclosed: 2017-02-03
Type: Data Breach
Attack Vector: Malware
Title: Data Breach at Six Continents Hotels, Inc.
Description: The California Office of the Attorney General reported a data breach involving Six Continents Hotels, Inc. (d/b/a InterContinental Hotels Group) on April 14, 2017. The breach occurred between September 29, 2016, and December 29, 2016, due to malware accessing payment card data at certain franchise locations in the Americas. The number of affected individuals is currently unknown, and specific types of information compromised might include cardholder names, card numbers, expiration dates, and security codes.
Date Detected: 2017-04-14
Date Publicly Disclosed: 2017-04-14
Type: Data Breach
Attack Vector: Malware
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Cyberattack IHG223521922
Systems Affected: booking systemsbooking channelsother applications
Operational Impact: Significant disruption
Incident : Data Breach IHG833072525
Data Compromised: Payment card data
Systems Affected: Servers processing payment cards
Payment Information Risk: High
Incident : Data Breach IHG1056072825
Data Compromised: Cardholder names, Card numbers, Expiration dates, Security codes
Payment Information Risk: True
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Payment card data, Cardholder Names, Card Numbers, Expiration Dates, Security Codes and .
Which entities were affected by each incident ?
Incident : Cyberattack IHG223521922
Entity Name: InterContinental Hotels Group PLC
Entity Type: Corporation
Industry: Hospitality
Incident : Data Breach IHG833072525
Entity Name: InterContinental Hotels Group (IHG)
Entity Type: Hospitality
Industry: Hotel
Location: Multiple locations
Incident : Data Breach IHG1056072825
Entity Name: Six Continents Hotels, Inc. (d/b/a InterContinental Hotels Group)
Entity Type: Hospitality
Industry: Hotel
Location: Americas
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Cyberattack IHG223521922
Incident Response Plan Activated: True
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach IHG833072525
Type of Data Compromised: Payment card data
Sensitivity of Data: High
Incident : Data Breach IHG1056072825
Type of Data Compromised: Cardholder names, Card numbers, Expiration dates, Security codes
Sensitivity of Data: High
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Cyberattack IHG223521922
References
Where can I find more information about each incident ?
Incident : Data Breach IHG833072525
Source: California Office of the Attorney General
Date Accessed: 2017-02-03
Incident : Data Breach IHG1056072825
Source: California Office of the Attorney General
Date Accessed: 2017-04-14
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2017-02-03, and Source: California Office of the Attorney GeneralDate Accessed: 2017-04-14.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Cyberattack IHG223521922
Investigation Status: Investigation in progress
Post-Incident Analysis
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2017-02-03.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2017-04-14.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Payment card data, cardholder names, card numbers, expiration dates, security codes and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was booking systemsbooking channelsother applications and .
Response to the Incidents
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were card numbers, expiration dates, security codes, cardholder names and Payment card data.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Investigation in progress.
.png)
Latest Global CVEs (Not Company-Specific)
Description
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.history_store.history_index().unwrap() directly. That assumption is false by construction. HistoryStoreProxy::history_index() explicitly returns None for the valid HistoryStoreProxy::WithoutIndex state. when a full node is syncing or otherwise running without the history index, a remote peer can send RequestTransactionsProof or RequestTransactionReceiptsByAddress and trigger an Option::unwrap() panic on the request path. This issue has been patched in version 1.3.0.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Description
PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream() with follow_redirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata services and internal network services. This issue has been patched in version 1.5.95.
Risk Information
cvss3
Base: 8.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Description
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access to all registered tools and agent capabilities. This issue has been patched in version 4.5.97.
Risk Information
cvss3
Base: 9.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Description
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. This issue has been patched in version 4.5.97.
Risk Information
cvss3
Base: 9.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Description
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.search_tools() compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete service outage. This issue has been patched in version 4.5.90.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=ihghotels&resorts' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
