A suspected ransomware attack on Holiday Inn has crippled the hotel giant’s ability to book reservations online, resulting in sharp occupancy drops that have sparked legal threats from franchisees, The Post has learned.
InterContinental Hotels Group, which owns Holiday Inn as well as 15 other brands including Crowne Plaza, said hackers breached its systems on Monday, forcing it to shut down its online reservation booking portal.
In response to the hack, which also blocked many customers from booking Holiday Inn rooms on third-party sites such as Expedia and Booking.com, IHG said it was able to resume “intermittent” service on Wednesday.
Some franchisees, however, told The Post that significant disruptions continued to plague the system as of early Friday. Customers who are trying to book rooms can only log onto Holiday Inn’s site and make reservations about half the time, according to Vimal Patel, a franchisee who operates Holiday Inn Express hotels in LaPlace, La. and Donaldsville, La.
As a result, Patel said his hotels this week are operating at less than 50% occupancy, estimating they would be at around 75% if the IHG national reservation system weren’t compromised. For next week, about 20% of his rooms are currently reserved — half the normal rate for mid-September, he said.
“Next week is when things are supposed to pick up pretty fast,” Patel said, noting that his locations mainly serve business customers.
Rich Gandhi, a Holiday Inn franchisee in Exton, Pa., reported similar drops in bookings, claiming that he has sent multiple emails to the IHG operations team and has received no response. Accordingly, Gandhi said he plans to file a class-action suit against IHG on behalf of Holiday Inn franchisees in the coming days.
“The franchisees are getting murdered here and IHG doesn’t care,” Gandhi said.
On Tuesday, IHG Chief Executive Keith Barr said the Monday hack had “significantly disrupted” the company’s online booking, as well as its customer service centers and internal communications. A day later, Barr said the company’s web and mobile portals had been reactivated, but warned that “services will remain intermittent as we work to ensure the stability of our systems and we are expecting continued disruption.”
Holiday Inn representatives didn’t respond to requests for further comment from The Post.
Gandhi gripes that the company’s franchisees — whose hotels account for 71% of its 880,000 rooms worldwide, according to IHG’s 2021 annual report — pay IHG a technology fee equal to about 2% of gross revenue.
“If their computer system is flawed why are they charging us a technology fee?” Gandhi asked.
Patel said he asked IHG this week about getting reimbursed for his losses. In response, he says he was told that franchisees are on the hook for any losses from security breaches.
“IHG said the franchisees will not be compensated in any way shape or form,” Patel added. “This risk is part of our franchise agreement.”