Group PLC is seeking to fend off claims from franchisees five months after a cyberattack that hotel owners say cost them money and disrupted business.
Lawyers for IHG, which owns Holiday Inn, InterContinental Hotels and 16 other brands around the world, have asked a judge to dismiss a lawsuit filed by owners of franchised hotels, arguing their contracts prevent them from seeking damages. The cyberattack didn’t result in personal data being exposed and claims based on alleged failure to protect information shouldn’t apply, IHG’s lawyers said in court papers.
IHG said on Sept. 6 that it detected unauthorized activity on its technology systems and sent an email to franchisees informing them the company’s online reservation technology would be down. Hotel owners said the system was down for a few weeks after the attack, disrupting bookings and forcing staff to use workarounds to find reservations and charge guests for rooms.
“We had major issues where people were not able to book, bookings were really bad, revenue had dropped, customer scores were really bad because everyone was complaining,” said Rich Gandhi, who owns a Holiday Inn Express in Pennsylvania and other IHG properties.
Hotel owners sued IHG in September in U.S. District Court in Atlanta, accusing the company of failing to “adequately invest in data security, despite the growing number of well-publicized data breaches affecting the hospitality and similar industries.” The owners say they haven’t received sufficient information from IHG about the cyberattack, such as how it happened and whether they will be reimbursed for lost business.
A spokeswoman for IHG declined to comment on the lawsuit and said the company is “continuing to support our hotels and owners.”