Skip to content

Some IHG One Rewards points not posting following hack earlier this month

Sept. 26, 2022
4 min read
InterContinental New York Times Square IHG
This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. Terms apply to the offers listed on this page. For an explanation of our Advertising Policy, visit this page.

If you stayed at an IHG property earlier this month and haven't yet seen points posted for your stay, don't worry: Company officials say you'll eventually receive them. It just might take a little while.

It's a residual problem stemming from a cyber breach of IHG's computer systems in early September that stymied booking and other features on the hotel chain's website for a couple of days.

IHG officials first announced the cyberattack on Sept. 6, noting hackers made their way into the company's systems. If you tried to book a stay with IHG around Labor Day or just after, you may have noticed problems with the website. The hackers attempted to plant ransomware as part of the attack, IHG CEO Keith Barr told TPG last week.

“It’s, unfortunately, the world we live in, that there are cybercriminals out there who were doing this,” he said.

Fortunately, it appears — as of now — that no customer data was compromised. “At this time, we have not identified any evidence of unauthorized access to guest data,” an IHG spokesperson told TPG.

Additionally, IHG's site is back up and running after the company secured its systems. Today, you can log in and check your IHG One Rewards account or book a stay at one of the hotel chain’s properties without issue.


However, there is a lingering problem IHG One Rewards members may still notice.

Points delayed in being credited

Following the early September breach of the hotel chain's computer systems, some IHG One Rewards guests are noticing points from stays earlier in the month still have not been credited to their accounts.

Acknowledging the delays some guests are facing in receiving the points, IHG officials told TPG on Monday that the points are still being processed and that the company's teams "are aware and are working to get this completed as quickly as possible," noting that guests who are missing points will eventually see them get credited to their accounts.

Sign up for our daily newsletter

Cyberattacks more common

IHG is just the latest large company to fall victim to a cyberattack, with data breaches at major companies like large retailers and travel industry corporations an all-too-regular occurrence in recent years. Other major hotel chains like Marriott have previously fallen victim to cyberattacks. IHG itself fell victim to a major breach in 2017.

Considering how common data breaches are, it's always a good idea to routinely change and vary your passwords, even though the investigation into this month's IHG hack has thus far not shown evidence that customer data was compromised. Lengthening your passwords and making them more complex — not to mention varying the passwords you use at work and for banking, email accounts, social media accounts and other sites — can be key factors that keep your passwords from being compromised.

It's a critical step since many customers use the same passwords across many work and personal accounts, says Bankrate, which is owned by Red Ventures, TPG’s parent company.

Speaking with TPG last week, Barr did not dispute reports that the cybercriminals involved in this month's hack of IHG's systems were able to crack a relatively simple password.

Kimpton Naranta Bali. IHG HOTELS & RESORTS

Bottom line

IHG is continuing its investigation into the breach of its computer systems earlier this month.

While the company currently reports that no customer data was compromised in the cyberattack, IHG One Rewards members may notice some delays in receiving points in their accounts for recent stays.

Editorial disclaimer: Opinions expressed here are the author’s alone, not those of any bank, credit card issuer, airline or hotel chain, and have not been reviewed, approved or otherwise endorsed by any of these entities.