BWH Hotels Data Breach Exposes Guest Reservation Information for Six Months

BWH Hotels Data Breach Exposes Guest Reservation Information for Six Months

First seen 12 May 2026, 21:00 UTC TheregisterSecurityaffairs.CoHospitalityinside 82% similarity 54.6

Article Content

Browse articles
ThreatCluster

BWH Hotels has confirmed a data breach affecting guest reservation data across its brands, including WorldHotels and Best Western. The breach, which lasted over six months, allowed unauthorized access to names, email addresses, phone numbers, and reservation details. The intrusion was detected on April 22, 2026, but the compromised data dates back to October 14, 2025. BWH Hotels has stated that no payment information was involved in the breach. The company has engaged cybersecurity experts to enhance security measures and has advised guests to be vigilant against phishing attempts. The exact number of affected guests remains undisclosed, and BWH Hotels is investigating the incident further. The breach follows earlier reports of customer booking data being misused in phishing campaigns.

Key Points: • BWH Hotels confirmed a data breach affecting guest reservation data for over six months. • Unauthorized access included names, email addresses, phone numbers, and reservation details. • No payment information was compromised; guests are advised to be cautious of phishing attempts.

ThreatCluster AI

Timeline

2025-10-14
Data access began
Unauthorized access to guest reservation data started, affecting multiple hotel brands.
The Register
2026-04-22
Breach detected
BWH Hotels identified the data breach and began investigating the unauthorized access.
The Register
2026-05-11
Public disclosure of breach
BWH Hotels publicly confirmed the breach and informed affected customers via email.
The Register
2026-05-12
Further reporting on breach
Security Affairs reported on the breach, highlighting the duration and nature of the data access.
Securityaffairs.Co

Community

Browse all →