"Emails sent to customers affected by the data breach reveal that the intrusion was discovered on April 22, and an investigation showed that threat actors had access since October 14, 2025."
"The company said the attackers gained access to a web application housing some guest reservation data, including names, email addresses, phone numbers, and reservation details."
""Importantly, payment and other financial information was not stored in the affected system and therefore was not accessed," BWH Hotels stated."
"The hotel group seems concerned that the attackers may leverage the stolen data for scams and phishing."
BWH Hotels notified some guests that hackers accessed reservation data for more than six months. The company operates over 4,000 hotels worldwide under brands including WorldHotels, Best Western Hotels & Resorts, and Sure Hotels. Emails to affected customers state the intrusion was discovered on April 22, and investigation findings indicate access began on October 14, 2025. The attackers gained access to a web application containing guest reservation information such as names, email addresses, phone numbers, and reservation details. BWH Hotels stated that payment and other financial information was not stored in the affected system and therefore was not accessed. The number of affected individuals remains unclear. The company took the application offline and is investigating with external security experts, while warning that stolen data could be used for scams and phishing.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]