article featured image


The Play ransomware gang has claimed a cyber attack on H-Hotels (h-hotels.com). Across Germany, Austria, and Switzerland, H-Hotels operates 60 hotels with 9,600 rooms. 

One of the largest hotel chains in the DACH region, H-Hotels operates under the Hyperion, H4 Hotels, H2 Hotels, H + Hotels, H.ostels, and H.omes brands.

The cyberattack occurred on Sunday, December 11th, 2022, H-Hotels announced last week.

According to the H-Hotel’s security incident notice, cybercriminals broke through the extensive technical and organizational protection systems of IT in a professional attack.

In order to prevent further spread of the cyber attack, the IT systems were immediately shut down and disconnected from the Internet.



Even though the attack didn’t affect guests’ bookings, hotel staff can still not receive or answer customer emails, so it’s recommended to contact H-Hotels by phone if needed.

H-Hotels informed the German investigative authorities and is working with an IT forensics company to restore systems as quickly as possible. They also claim they are protecting themselves against similar cyberattacks in the future.

Data Allegedly Stolen In Attack on H-Hotels

The Play ransomware has claimed responsibility for the attack on H-Hotels and listed the company on its Tor site today, claiming to have stolen an undisclosed amount of data.

The ransomware gang claim to have stolen client documents, passports, IDs, and more, but they haven’t provided samples to back up their claims.


Additionally, H-Hotels denied seeing any evidence of data leakage in last week’s announcement, and no updates have been provided since then.

Today, IT forensic scientists have found no evidence that the cyber attack has stolen relevant or personal data.

H-Hotels.com will inform data subjects if an outflow of personal data is determined during these investigations.


As an EU-based company, a large-scale data leak will have GDPR repercussions, making the cyberattack even more damaging.

The potential exposure of hotel guests’ details can result in a severe privacy breach, revealing future locations, financial information, and more.

Information about future locations, financial information, and more could be exposed if hotel guests’ details and booking data are disclosed.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, YouTube, and Instagram for more cybersecurity news and topics. 

Author Profile

Gabriella Antal

SMM & Corporate Communications Officer

linkedin icon

Gabriella is the Social Media Manager and Cybersecurity Communications Officer at Heimdal®, where she orchestrates the strategy and content creation for the company's social media channels. Her contributions amplify the brand's voice and foster a strong, engaging online community. Outside work, you can find her exploring the outdoors with her dog.

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo