H-Hotels, a prominent hospitality company with 60 hotels in Germany, Austria, and Switzerland, experienced a cyberattack on December 11th, 2022. Play ransomware has claimed responsibility for the attack, which caused communication outages for the hotel chain, affecting the ability of hotel staff to receive or answer customer requests sent via email.
Although guest bookings were not affected, the ransomware gang claims to have stolen an undisclosed amount of data during the cyberattack, including private and personal data such as client documents, passports, and IDs. H-Hotels denied any evidence of data exfiltration in its announcement, but if data leakage is discovered, the company will inform those affected.
As a European Union-based company, a significant data leak could have severe GDPR consequences, and guests’ personal information being exposed could result in a severe privacy breach. H-Hotels is working with an IT forensics firm to restore its systems and ensure protection against similar attacks in the future.