The owner of the Holiday Inn and Crowne Plaza hotel
UK-based Intercontinental Hotels Group (IHG) said all but one of the locationsaffected were in the US, with the other being in Puerto Rico.
Guests have been warned they could have had money stolen as a consequence.
One expert said there might be further hotels affected.
Buckinghamshire-based IHG had previously reported in February that a dozen US hotels
“On behalf of franchisees and in co-operation with the payment card networks and acquiring banks, IHG is co-ordinating the investigation that is now under way,” a spokeswoman told the BBC following the latest discovery.
“Individuals should closely monitor their payment card account statements. If there are unauthorised charges, individuals should immediately notify their bank.
“Payment card network rules generally state that cardholders are not responsible for such charges.”
Other affected brands include Hotel
Hijacked card data
IHG said an investigation had detected signs the malware had been active at front-desk payment locations at the hotels between 29 September and 29 December 2016.
However, it only has confirmation that the threat was definitely eradicated last month.
The attack hijacked information taken from the payment cards’ magnetic strips as it was being routed through the hotels
This could include the card number, expiration date and verification code.
IHG does not believe other guest information was stolen.
It has published a tool for visitors to check if hotels they stayed at are among those affected.
The firm notes that other franchisees that had adopted an encryption-based security measure would not have been affected.
But one cybersecurity expert said that the list might not be comprehensive.
“IHG has been offering its franchised properties a free examination by an outside computer forensic team,” wrote Brian Krebs.
“But not all property owners have been anxious to take the company up on that offer.
“As a consequence, there may be more breached hotel locations
Other hotel chains
The US has been slower to switch to a chip-and-pin system than many other countries, which makes it more difficult to carry out such attacks.
Source:BBC