The security of our systems and applications is important to us. Should you identify a potential vulnerability in any product, system, or asset belonging to IHG, we encourage you to contact us.

• Email your findings to: responsibledisclosure@ihg.com as soon as possible

• Provide sufficient information to enable us to investigate the potential vulnerability, including IP addresses, URLs, description of the vulnerability, and how the vulnerability was identified
• Contact us immediately if you identify personal or corporate data
• Avoid making copies of personal or corporate data and delete all confidential information if a vulnerability is confirmed
• Do not share information about the potential vulnerability with others
• Do not engage in social engineering, penetration testing, denial of service, or physical security testing
• Do not participate in any activity that violates laws or regulations
• IHG does not have a bug bounty program, but we appreciate you sharing potential vulnerabilities with us

We take every submission of potential weaknesses or vulnerabilities seriously and appreciate your efforts to responsibly identify and share this information with us. IHG will work to triage and resolve confirmed weaknesses and vulnerabilities based on complexity and severity.