430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hackers accessed BWH Hotels reservation system for months

BWH Hotels says hackers accessed guest reservation data, including names and contacts, for over six months across multiple hotel brands. BWH Hotels disclosed a data breach, with threat actors having had access to guest reservation data for more than six months. The incident exposed names and contact details of an undisclosed number of guests. BWH […]

BWH Hotels

BWH Hotels says hackers accessed guest reservation data, including names and contacts, for over six months across multiple hotel brands.

BWH Hotels disclosed a data breach, with threat actors having had access to guest reservation data for more than six months. The incident exposed names and contact details of an undisclosed number of guests.

BWH Hotels is one of the world’s largest hotel networks, operating more than 4,000 hotels in over 100 countries. The group was created from the evolution of Best Western and today manages a multi-brand portfolio ranging from budget to luxury hospitality.

The hospitality group included brands such as Best Western Hotels & Resorts, WorldHotels, and Sure Hotels.

BWH Hotels disclosed that hackers accessed a reservation system between October 2025 and April 2026, exposing guest contact details and stay information.

“We are writing to let you know that on April 22, 2026, we identified unauthorized activity in one of our web applications that houses certain guest reservation data.” reads the data breach notification sent to the affected customers. “We have learned that certain guests’ names, email addresses, telephone numbers, and/or home addresses, along with other reservation details (e.g., reservation numbers, dates of stay, and any special requests) for reservations in our system were accessed by an unauthorized third‑party between October 14, 2025 and April 22, 2026, including yours.”

The company pointed out that payment data was not stored in the affected system and therefore was not compromised.

“Importantly, payment and other financial information was not stored in the affected system and therefore was not accessed.” continutes the notification.

After discovering the intrusion, BWH took the application offline, revoked access, and hired external cybersecurity experts to support the investigation and strengthen protections.

Guests were also warned to watch for phishing emails, texts, calls, or fake booking messages exploiting the stolen reservation data.

BWH Hotels urged guests to stay alert for phishing emails, fake booking pages, and suspicious payment requests following the breach.

The company recommends customers to verify website addresses before entering payment details and contact their bank immediately if financial data was shared with scammers.

BWH also apologized for the incident and provided support through its data protection office.

At this time, no known cybercriminal group has claimed responsibility for the attack targeting BWH Hotels.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)