Itdaily - Hackers gained access to Best Western Hotels customer data for months

Hackers gained unauthorized access to reservation data from the Best Western Hotels chain for six months.

“On April 22, 2026, we detected unauthorized activity in one of our web applications where certain guest reservation data is stored,” the hotel chain Best Western Hotels (BWH) writes in a notice on its website. During this incident, malicious actors gained access to guest reservation data, such as names, email addresses, and phone numbers. Following the discovery, the application was immediately taken offline. BWH has engaged security experts to investigate the incident.

Personal data

According to the announcement, malicious actors gained access to personal data such as names, email addresses, phone numbers, and/or residential addresses of certain guests, as well as reservation details. The data was exposed to unauthorized access between October 14, 2025, and April 22, 2026. The hotel chain emphasizes that no payment details or other financial information were involved.

Following the discovery of the incident, the application was taken offline and unauthorized access was revoked. Furthermore, BWH has engaged external security experts to strengthen existing security measures.

Remaining vigilant

The company advises guests to be extra vigilant when receiving or viewing unexpected or suspicious communications regarding hotel stays. “If you receive a suspicious message, such as an unexpected email, SMS, WhatsApp message, or phone call asking for payment, codes, login credentials, or ‘verification,’ even if it refers to a BWH Hotels property or an upcoming reservation, we request that you do not respond. Go directly to websites instead of clicking on links,” says BWH.

Several companies have faced cyberattacks in recent weeks. For instance, last week, several colleges and the VUB were affected by a hack on the Canvas learning platform. Meanwhile, the parent company of Canvas reached an agreement with the cybercriminals and the stolen data was secured. Several Dutch companies have also recently fallen victim, such as Basic-Fit and Booking.com.