Cyber Incident Victim: Hotelplan UK
Date:
Dec 2023
Location:
United Kingdom
Summary
Hotelplan UK experienced a cyber attack prompting an investigation and the isolation and shutdown of key systems to contain the incident, causing IT disruptions across its travel brands. The company assured no impact on existing bookings but warned of potential service delays while implementing workarounds to restore operations. Its team is prioritizing full system recovery across all brands to resume normal service levels for agents, partners, and customers, maintaining communication through standard channels during the remediation process.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Hotelplan UK experienced a cyber security incident during the weekend preceding December 10, 2023, resulting in significant IT system disruptions. The company, which operates travel brands including Inghams, Explore Worldwide, Esprit Ski, Inntravel, and Santa’s Lapland, confirmed the attack in a public statement issued on Tuesday. Upon detecting the incident, Hotelplan immediately isolated and shut down key systems to contain the threat. Chief executive Joe Ponte stated the organization initiated a thorough investigation into the breach while mobilizing efforts to restore operational capabilities. The company emphasized there would be no impact on holidays or trips already booked, with customer departures continuing as scheduled. Travel agents and suppliers were notified that standard communication channels remained available despite the ongoing disruption. Hotelplan acknowledged implementing temporary workarounds to maintain critical functions but warned partners and customers to anticipate service delays during recovery efforts.
The cyber attack prompted Hotelplan to prioritize restoring brand-specific systems, with Ponte indicating recovery timelines might vary across its portfolio of travel companies. Operational teams worked continuously to resume normal service levels expected by agents, partners, and customers. Ponte publicly apologized for inconveniences caused by the incident while thanking industry partners for their support during the outage. No details regarding the attack vector, threat actor identity, or data compromise were disclosed in the initial statement. The company reiterated its serious approach to cyber security matters but did not specify whether customer or financial data was accessed. Hotelplan’s response remained focused on system restoration and maintaining customer travel commitments, with no reported cancellations of existing bookings. Recovery efforts continued with unresolved delays projected for an unspecified period following the containment actions.