Cyber Incident Victim: Helsinki, Finland
Date: Feb 2022
Location: Finland
Summary
A cyberattack targeting Nordic Hotels and Resorts compromised personal data of nearly 16,000 customers at two Helsinki-based hotels, F6 and Hotel Kämp, with potential impacts on additional Finnish properties. The breach exposed names, phone numbers, addresses, email addresses, and stay dates primarily from historical guest records. Attackers infiltrated systems over several days, though not all customer data from the affected timeframe was accessed. The hotel group discovered the intrusion approximately two months later, promptly notifying Finnish data protection authorities and police while directly informing impacted guests via email. Security vulnerabilities were subsequently addressed, with the company assuring customers that online reservation systems were restored to safe operation.
Description
The data breach impacting Nordic Hotels and Resorts' properties in Helsinki occurred between February 10 and February 14, 2022, targeting the Kämp Hotel and F6 Hotel through a compromised third-party service provider. Nordic Choice Hotels' communications advisor Jonathan Blom confirmed the intrusion was detected on April 9, 2022, with a formal report submitted to Finland's Data Protection Ombudsman on April 12. The attack affected 15,947 customers across both establishments, exposing personal information including full names, contact details (phone numbers, email addresses, physical addresses), and specific dates of hotel stays. Notably, the breached records spanned guest data from 2019 onward, though not all customers during this period were impacted. Forensic analysis indicated the incident formed part of a broader campaign affecting multiple Finnish hotels beyond Nordic Choice Hotels' portfolio, though the company declined to identify other victims citing confidentiality between the compromised vendor and affected businesses.

Upon discovery, Nordic Choice Hotels immediately notified impacted guests via email, disclosing the exact categories of exposed data while confirming the vulnerability in their service provider's systems had been patched. The organization emphasized that online reservation platforms were restored to secure operation following remediation. Hotel management classified the incident as a serious violation of guest trust, reiterating their commitment to prioritizing customer safety in public statements. Concurrently, mandatory breach notifications were filed with both the Finnish Police and Data Protection Ombudsman, though initial reports incorrectly referenced European data authorities before correction. No evidence suggested financial data or payment card information was compromised in the attack, with the fallout primarily involving unauthorized access to personally identifiable information and lodging history. The company maintained operational continuity at affected properties throughout the response period while cooperating with law enforcement investigations.
