InterContinental Hotel Group says that it has found malware designed to steal payment card details at around 1200 of its franchise hotels in the US.
UK-based IHG - which operates brands including Holiday Inn and Crowne Plaza - says that the breach affects cards used at front desks at the hotels between late September and late December last year.
The company had admitted a breach in February but said that only around 12 properties were involved. It has now posted an online tool showing around 1200 hotels were hit in the US and one in Puerto Rico.
IHG says that it became aware of the breach after franchisees were contacted by card networks warning about unauthorised charges on cards that had been used legitimately at their hotels.
An investigation found malware which searched for track data - card numbers, expiration dates, internal verification code and, sometimes, names - read from the magnetic stripe of cards as it was being routed through the affected hotel server.
Franchisees that used IHG's P2P encryption payment technology before September were not affected by the Malware, says the hotel group.