Motel One discloses data breach following ransomware attack

The Motel One Group has announced that it has been targeted by ransomware actors who managed to steal some customer data, including the details of 150 credit cards.

Motel One is a low-budget hotel chain that operates over ninety hotels with 25,000 rooms in Germany, Austria, the UK, Denmark, Belgium, the Netherlands, Spain, Poland, the Czech Republic, and the United States.

According to the company's press release, a group of unknown attackers infiltrated its network, intending to launch a ransomware attack, but had limited success thanks to its effective protective measures.

"The currently unknown perpetrators infiltrated the hotel operator's internal systems and most likely tried to carry out a so-called ransomware attack," reads the press release.

"Thanks to extensive measures, the impact was kept to a relative minimum. The business operation of one of Europe's largest hotel groups was never at risk."

The company immediately engaged with IT experts to investigate and remediate the incident, while the concerned data protection authorities were also notified accordingly.

The first results of the investigation indicate that the hackers stole customer addresses, including the details of 150 credit cards. The owners of those cards have been informed via personalized notices.

BlackCat claims the attack

The hotel's claims about limited impact are directly countered by the threat actors who took responsibility for the attack, the BlackCat/ALPHV ransomware gang.

The threat group added Motel One to its extortion site on the dark web on September 30, 2023, claiming to have stolen nearly 24.5 million files, totaling 6 TB of size.

"[The stolen data] include PDF & RTF booking confirmations for the past 3 years containing names, addresses, dates of reservation, payment method, and contact information," reads BlackCat's announcement.

"Additionally, there is a significant amount of your customers' credit card data and internal company documents, which undoubtedly hold sensitive information."

BlackCat has given Motel One five days to negotiate the ransom payment with them; otherwise, they threaten to leak all the data they stole from the hotel's computers.

BleepingComputer has contacted Motel One to request more information about the attack and whether or not ALPHV's public disclosure has compelled the firm to revisit its findings, but we have yet to hear back.