The Play ransomware gang claimed responsibility for a cyberattack on H-Hotels (h-hotels.com) that resulted in communication outages for the company.
H-Hotels is a hotel company with 60 hotels at 50 locations in Germany, Austria and Switzerland, offering a total capacity of 9,600 rooms.
The hotel chain employs 2,500 people and is one of the largest in the DACH region, operating under “H-Hotels” and the sub-brands Hyperion, H4 Hotels, H2 Hotels, H+ Hotels, H.ostels and Homes.
H-Hotels disclosed the cyberattack last week and said the security incident happened on Sunday, December 11, 2022.
“According to the first conclusions of internal and external IT specialists, cybercriminals managed to break through the extensive technical and organizational protection systems of IT during a professional attack”, explained the H-Hotel. security incident notification.
“After the discovery of the cyberattack, the computer systems were immediately shut down and disconnected from the Internet to prevent further spread.”
Although the attack did not impact guest reservations, hotel staff still cannot receive or respond to guest inquiries sent via email, so it is recommended to contact H- Hotels by telephone if necessary.
The company has informed German investigative authorities of the incident and is working with a computer forensics company to restore the systems as quickly as possible. H-Hotels also states that it ensures that it is adequately protected against similar cyberattacks in the future.
Data allegedly stolen in attack
Play ransomware claimed responsibility for the attack on H-Hotels and listed the company on its Tor site today, claiming to have stolen an undisclosed amount of data in the cyberattack.
The ransomware gang claims to have stolen private and personal data including customer documents, passports, IDs, etc. However, the threat actors have not released any samples to back up these claims.
Additionally, H-Hotels denied seeing evidence of data exfiltration in last week’s announcement, and there have been no updates on the matter since then.
“To date, the commissioned computer forensics experts have no evidence that any relevant or personal data could be stolen by the cyberattack,” the announcement read.
“If an outflow of personal data is observed during these investigations, H-Hotels.com will inform the persons concerned.”
Being an EU-based company, a large-scale data breach impacting customer data would have GDPR implications, making the cyberattack even more damaging.
For hotel guests, the potential exposure of their contact details and booking data can be a serious case of privacy breach, providing future location information, financial information, etc.