Cyber Incident Victim: arcona Hotels & Resorts
Date:
May 2025
Location:
Germany
Summary
arcona Hotels & Resorts detected technical irregularities and, following an initial review by its IT service provider, temporarily disconnected its locations from central IT services to limit potential damage. Despite the incident, hotel operations, reservations via the website and the myarcona customer club, and email communication continued without restriction, while authorities were notified and the IT forensics firm ResponseOne GmbH was engaged for analysis and remediation. The company stated it would provide updates and directed inquiries to a designated email address.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Friday, May 23, 2025, arcona Hotels & Resorts observed technical irregularities within its IT systems. An initial review was carried out by the company's IT service provider to assess the nature of the irregularities. Based on that review, the decision was taken to separate the individual hotel locations from the central IT services as a precautionary step. This separation was intended to limit any possible damage that might arise from the irregularities. Despite the isolation of the locations, the overall hotel operation continued to function normally. Guests remained able to make reservations through the public website and via their login in the myarcona customer club without any restrictions.
Email communication was also reported to be unrestricted and fully operational during the incident. The company promptly informed the relevant authorities about the detected irregularities. To support the technical analysis and management of the situation, arcona Hotels & Resorts engaged ResponseOne GmbH, a firm specializing in IT forensics. The organization stated that it would provide ongoing updates on the further progress of the incident. For inquiries related to the cyber incident, the designated contact address [email protected] was made available. arcona Hotels & Resorts thanked its guests and partners for their understanding while the investigation and response efforts proceeded.