Motel One Group Hit with Ransomware. Customer Data Compromised

Ransomware actors have infiltrated the IT infrastructure of German hotel chain Motel One, allegedly making off with troves of customer data, including credit card information.

The Munich-based Motel One was founded in 2000 and operates 90 across Germany, Austria, Switzerland, Belgium, Denmark, Poland, Czech Republic, Netherlands, Spain, France, UK, Ireland, as well as the U.S.

“The Motel One Group has become the target of a hacker attack,” the company says in statement. “The currently unknown perpetrators infiltrated the hotel operator's internal systems and most likely tried to carry out a so-called ransomware attack.”

The low-cost hotel chain claims “the impact was kept to a relative minimum […] thanks to extensive measures,” adding that business operations were never at risk, which suggests the attackers never got to encrypt data on the network.

“The quick immediate measures included commissioning a certified IT security service provider and working with investigative and data protection authorities,” the statement continues.

The group admits that the hackers managed to access customer data, including an unspecified number of addresses and 150 credit card details.

“The affected card holders have already been informed personally,” it notes.

The BlackCat (ALPHV) ransomware operation took credit for the attack in a post on its extortion blog, claiming to have obtained much more data than claimed by Motel One.

“Dear representatives of Motel One, due to the lack of any response from your side, we are releasing a teaser,” reads the extortion note shared by Bleeping Computer. “We have extracted 24,449,137 files, approximately 6 TB of data. This data includes PDF & RTF booking confirmations for the past 3 years (5.5 TB) containing names, addresses, dates of reservation, payment method, and contact information.”

“Additionally,” the post continues, “there is a significant amount of your customers’ credit card data and internal company documents, which undoubtedly hold sensitive information.”

The BlackCat actors warn that leaking the data would generate “a negative media frenzy […] and pose significant reputational and legal risks.”

The post also mentions that Motel One’s management has been “delaying and making excuses,” likely referring to negotiating a ransom. The crew also claims management is well aware of the situation, suggesting the company knows how much data was in fact stolen in the attack.

The hackers are giving Motel One five days to respond “before a catastrophe occurs.”

If the hackers’ claims are true, the stolen data can (and likely will) be sold on the underground web to fraudsters, phishers, and scammers.

Bitdefender Digital Identity Protection scans the web for unauthorized leaks of your personal data, monitoring if your accounts are exposed and making it easy to take action before disaster strikes.