Cyber Incident Victim: BWH Hotels
Date:
Oct 2025
Location:
—
Summary
BWH Hotels disclosed that hackers accessed a web application containing guest reservation data for more than six months before the intrusion was discovered. The compromised data included names, email addresses, phone numbers, and reservation details, while payment information was not stored in the affected system. The company took the application offline, launched an investigation with external experts, and warned that the stolen information could be used for scams and phishing.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
BWH Hotels operates a global portfolio of more than four thousand hotels, encompassing brands such as WorldHotels, Best Western Hotels & Resorts, and Sure Hotels. On April 22, 2025, the company began notifying certain guests that unauthorized actors had accessed reservation data within one of its web applications. The notification emails indicated that the intrusion had been discovered on that same date. An internal investigation subsequently determined that the threat actors had maintained access to the compromised system since October 14, 2025. This six‑month window of access preceded the discovery date by roughly half a year.
The affected web application stored certain guest reservation details but did not contain payment or other financial information. According to the company’s statements, the data that was viewed included names, email addresses, phone numbers, and reservation specifics such as stay dates and room types. No financial data, including credit card numbers or bank account information, was present in the application and therefore was not accessed by the intruders. The exact number of individuals whose information was exposed has not been disclosed, and BWH Hotels has indicated that the figure remains unclear. In response to the discovery, the company immediately took the compromised web application offline to prevent further unauthorized access.
Following the containment step, BWH Hotels engaged external security experts to conduct a thorough forensic investigation of the incident. The investigation aimed to determine the scope of the breach, the methods used by the attackers, and any potential residual risks. BWH Hotels has expressed concern that the stolen personal data could be used by the attackers to conduct scams or phishing campaigns against the affected guests. To date, no known cybercrime group has claimed responsibility for the intrusion into BWH Hotels’ reservation system. The company continues to monitor the situation and has advised recipients of the notification emails to remain vigilant for suspicious communications.