If you stayed in an InterContinental Hotels Group (IHG) property in the Americas last year, there’s a chance that someone has stolen your credit-card information.

Hackers stole data from at least 1,200 IHG hotels in the Americas, The Verge reported, far more than the 100 properties initially reported by the hotel chain in December 2016. That number may grow as IHG receives data back from more of its franchised hotels. The group has 3,925 hotels in the Americas.

The data breach occurred between September and December of 2016. IHG says that cardholder names, numbers, expiration dates, and internal verification codes were obtained by hackers using credit-card stealing malware. The malware wasn’t eliminated until March 2017.

IHG learned of the security breach when guest credit cards were used without authorization after stays at the group’s hotels.

The company has created a tool that customers can use to determine if they have been affected by the hack.

IHG brands include Intercontinental Hotels, Kimpton, Hotel Indigo, Even Hotels, Hualuxe, Crown Plaza, Holiday Inn, Holiday Inn Express, Holiday Inn Resorts, Holiday Inn Club Vacations, Staybridge Suites, and Candlewood Suites.