The group said beginning 5 September, parts of its technology systems were subject to "unauthorised activity", which caused significant disruption to its booking channels and other applications.
On Thursday (29 September), IHG revealed that by 7 September, it had reactivated its bookings websites and mobile app – as well as most of its other booking channels and revenue-generating systems.
"External specialists were engaged to investigate the incident, and no evidence of unauthorised access to systems storing guest data has been identified," said IHG in a statement.
"During the disruption in our central systems, IHG-branded hotels continued to operate and were able to take reservations directly."
The group said it has reported the "criminal activity" to law enforcement agencies and upped security.
"We have continued to carry out additional steps as part of our recovery and assurance plans to review and further enhance our security measures," IHG continued.
"We have also reported the criminal activity to law enforcement. We continue to work closely with our hotels and owners throughout this time."
While IHG has played down the ramifications of the attack for guests, should any sensitive, private or personal data be found to have been compromised during the attack, the group could face scrutiny from the Information Commissioner’s Office (ICO) in the UK.
The ICO eventually fined Marriott International £18.4 million following a 2014 cyber attack on Starwood Hotels and Resorts’ systems, which went undiscovered for four years.
It eventually came to light in 2018 following Marriott’s acquisition of the brand in 2016. British Airways has also been fined by the ICO for a data security breach.
