Hospitality group BWH Hotels is informing some guests that hackers had access to reservation data for more than six months.
BWH Hotels operates more than 4,000 hotels worldwide, including brands such as WorldHotels, Best Western Hotels & Resorts, and Sure Hotels.
Emails sent to customers affected by the data breach reveal that the intrusion was discovered on April 22, and an investigation showed that threat actors had access since October 14, 2025.
The company said the attackers gained access to a web application housing some guest reservation data, including names, email addresses, phone numbers, and reservation details.
“Importantly, payment and other financial information was not stored in the affected system and therefore was not accessed,” BWH Hotels stated.
It’s unclear how many individuals were affected by the incident.
The company took the compromised application offline after discovering the intrusion and launched an investigation with the aid of external security experts.
The hotel group seems concerned that the attackers may leverage the stolen data for scams and phishing.
No known cybercrime group appears to have taken credit for the attack on BWH Hotels.
Related: Booking.com Says Hackers Accessed User Information
Related: Nightclub Giant RCI Hospitality Reports Data Breach
Related: Sophisticated ClickFix Campaign Targeting Hospitality Sector
