At front desks as well as hotel bars and restaurants.
InterContinental Hotels Group said on Friday that a malware in the servers at 12 of its hotels in the United States tracked payment card data if the card was used at the hotels’ restaurants and bars between August and December last year.
The company said that the malware searched for track data—the cardholder’s name, card number, expiration date, and the verification code—read from the magnetic stripe of a card as it was being routed through the affected server.
InterContinental ihg did not identify the properties or specify the number of cards affected or if any data had been stolen. The company was not immediately reachable for comment.
Get Data Sheet, Fortune’s technology newsletter.
InterContinental said payment cards used at the front desk of the 12 hotels were not affected and that it was still conducting an investigating on its other hotels in the Americas region.
The company, which owns the Holiday Inn brand, said in December it had hired cybersecurity firms to investigate claims of a possible payment card breach at some of its U.S. hotels.
InterContinental’s Kimpton Hotels & Restaurants in August had reported a similar malware attack on servers that processed payment cards used at some of its hotels.