BWH Hotels Data Breach Exposes Guest Reservation Information for Six Months

Severity: Medium (Score: 54.6)

Sources: Securityaffairs.Co, Theregister

Summary

BWH Hotels has confirmed a data breach affecting guest reservation data across its brands, including WorldHotels and Best Western. The breach, which lasted over six months, allowed unauthorized access to names, email addresses, phone numbers, and reservation details. The intrusion was detected on April 22, 2026, but the compromised data dates back to October 14, 2025. BWH Hotels has stated that no payment information was involved in the breach. The company has engaged cybersecurity experts to enhance security measures and has advised guests to be vigilant against phishing attempts. The exact number of affected guests remains undisclosed, and BWH Hotels is investigating the incident further. The breach follows earlier reports of customer booking data being misused in phishing campaigns. Key Points: • BWH Hotels confirmed a data breach affecting guest reservation data for over six months. • Unauthorized access included names, email addresses, phone numbers, and reservation details. • No payment information was compromised; guests are advised to be cautious of phishing attempts.

Key Entities

• Data Breach (attack_type)
• BWH Hotels (company)
• CWE-200 - Exposure of Sensitive Information (cwe)
• T1566 - Phishing (mitre_attack)