Best Western Hotels warns customers reservation data may have been spilled in breach
BWH Hotels, a major global hospitality chain operating thousands of hotels around the world, has confirmed suffering a cyberattack and losing sensitive customer data.
In a data breach notification recently sent to affected individuals, the company’s Chief Technology Officer (CTO) Bill Ryan said the attack was spotted on April 22, 2026. The crooks stole sensitive data, including people’s names, email addresses, telephone numbers, and postal addresses, of a yet undetermined number of people.
Reservation details, including reservation numbers, dates of stay, and special requests, were also nabbed.
The data was generated between October 14, 2025, and April 22, 2026, but it was left unclear how long the crooks lurked within BWH Hotels’ systems.
The unnamed attackers apparently found a flaw in a web application that housed certain guest reservation data, but that information did not include payment or bank details.
"Upon discovering the incident, we immediately took the application offline and revoked the unauthorized access," Ryan told The Register in a written statement.
"We have engaged leading external cybersecurity experts to support our incident response efforts and to assist with the further strengthening of existing safeguards."
By Sead Fadilpašić