---
source: newsletter
source_url: https://securityaffairs.com/192038/data-breach/hackers-accessed-bwh-hotels-reservation-system-for-months.html
tags: [securityaffairs]
title: "Hackers accessed BWH Hotels reservation system for months"
sha256: 80374d3bbf3942e854eb9829e0f3aaeb44575d714cfd213ef066f384e7680bd9
review_value: 7
review_confidence: 8
review_recommendation: worth-reading
review_stars: 3
ingested: 2026-05-14
---

Published Time: 2026-05-12T19:47:27+00:00

# Hackers accessed BWH Hotels reservation system for months

[Pierluigi Paganini](https://securityaffairs.com/author/paganinip) May 12, 2026

## BWH Hotels says hackers accessed guest reservation data, including names and contacts, for over six months across multiple hotel brands.

BWH Hotels disclosed a data breach in which threat actors had access to guest reservation data for more than six months. The incident exposed names and contact details of an undisclosed number of guests.

BWH Hotels is one of the world’s largest hotel networks, operating more than 4,000 hotels in over 100 countries.
The group evolved from Best Western and today manages a multi-brand portfolio ranging from budget to luxury hospitality. The hospitality group includes brands such as Best Western Hotels & Resorts, WorldHotels, and Sure Hotels.

BWH Hotels disclosed that hackers accessed a reservation system between October 2025 and April 2026, exposing guest contact details and stay information.

_“We are writing to let you know that on April 22, 2026, we identified unauthorized activity in one of our web applications that houses certain guest reservation data.” reads the [data breach notification](https://www.reddit.com/r/bestwestern/comments/1t7dg8d/security_breach_of_bwh_booking_portal/) sent to the affected customers. “We have learned that certain guests’ names, email addresses, telephone numbers, and/or home addresses, along with other reservation details (e.g., reservation numbers, dates of stay, and any special requests) for reservations in our system were accessed by an unauthorized third‑party between October 14, 2025 and April 22, 2026, including yours.”_

The company pointed out that payment data was not stored in the affected system and therefore was not compromised.

_“Importantly, payment and other financial information was not stored in the affected system and therefore was not accessed.” continues the notification._

After discovering the intrusion, BWH took the application offline, revoked access, and hired external cybersecurity experts to support the investigation and strengthen protections.

Guests were also warned to watch for phishing emails, texts, calls, or fake booking messages exploiting the stolen reservation data.

BWH Hotels urged guests to stay alert for phishing emails, fake booking pages, and suspicious payment requests following the breach. The company recommends that customers verify website addresses before entering payment details and contact their bank immediately if financial data was shared with scammers.
BWH also apologized for the incident and provided support through its data protection office.

At this time, no known cybercriminal group has claimed responsibility for the attack targeting BWH Hotels.

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

**(**[**SecurityAffairs**](http://securityaffairs.co/wordpress/) **– hacking, data breach)**