H-Hotels, a German chain of hotels, was attacked by ransomware

The Play ransomware gang has claimed responsibility for a cyberattack on H-Hotels, which resulted in communications outages for the company.

H-Hotels, a business that specializes in hospitality, has 60 hotels located at 50 sites across Germany, Austria and Switzerland. It offers a total of 9,600 rooms.

This hotel chain has 2,500 employees and is the biggest in DACH. It operates under the ‘H-Hotels’ brand and sub-brands Hyperion and H4 Hotels.

H-Hotels reported the cyberattack last Wednesday and said that it occurred Sunday, December 11, 2022.

According to H-Hotels' announcement, “Cybercriminals were able to penetrate the vast technical and organizational protections of IT through a professional attack, according to initial findings by both internal and external IT experts.”

To prevent further spreading, IT systems were instantly shut down after the attack.

Although guests were not affected by the attack, staff at H-Hotels can still receive and answer emails from customers. It is therefore recommended that you contact H-Hotels via phone, if required.

H-Hotels has informed German authorities about the incident, and they are working together with an IT forensics company to quickly restore the systems. H-Hotels states they have taken steps to ensure they are adequately protected from similar cyberattacks in future.

Attackers allegedly stole data

The Play ransomware gang claimed the attack on H-Hotels and listed the company on its Tor site today. It claims to have stolen an unspecified amount of data in the cyberattack.

The ransomware gang claims to have stolen personal and private data, including clients' passports and IDs. The threat actors, however, haven’t released samples supporting these claims.

H-Hotels entry on the Play ransomware Tor site


In last week's announcement, H-Hotels also said it had not seen any evidence of data theft, and no updates have been made on this matter.

The announcement states that the IT forensic scientists commissioned by Microsoft have not found any evidence suggesting that personal or relevant data might have been stolen in the cyberattack. H-Hotels informs data subjects if there is a data flow of personal data.

A large-scale breach of customer data by an EU-based business would result in GDPR violations, which makes the cyberattack more devastating.

Hotel guests' booking details may be exposed, which could lead to a serious privacy breach. This includes information regarding future locations and financial information.