IT-Security | Welcome Hotels

23rd March 2022 - UPDATE ON RECENT IT SECURITY INCIDENT

As part of the comprehensive analysis of the recent IT security incident Welcome Hotels is closely monitoring a publication of the data that has been stolen by the attackers. We have now identified the attackers as the hacker group “Conti.”

Today, regrettably we have identified that Welcome Hotels has been named by Conti on their public list of recent targets and a small portion of our data has also been published.

Together with data forensic experts we have immediately launched a thorough investigation of the published data.

It is possible that further data relating to Welcome Hotels will be published at a later date. We will continue to monitor for any additional published data and provide updates as required.

18th March 2022 - STATEMENT ON RECENT IT SECURITY INCIDENT

Welcome Hotels is investigating as a matter of priority a recent incident affecting our systems. In the course of our investigation, we identified that an unauthorized third party was able to access some of our servers. As a precautionary measure, we immediately isolated and shut down all affected systems and were swiftly able to prevent any further unauthorized access.

Working closely with data forensic experts, we understand that the attackers were both able to access servers on which personal data is stored and to steal certain information. We are currently investigating what specifically was extracted. As soon as we have more information, we will provide you with all of the support and guidance we possibly can.

Due to early detection by our IT team and external experts, we have quickly taken appropriate and immediate actions such as rebuilding our entire system. Our systems, including the website and booking tool, are now working normally.

We have notified all relevant authorities about the incident and will, of course cooperate with them in any way possible.

As this investigation is ongoing, we would like to reassure you that we are deploying all efforts to resolve this matter. We will continue to provide updates as appropriate. In the meantime, if you have any questions, please see the FAQ below, refer to our data protection notice or contact us at info@welcome-hotels.com.

Our hotels are now fully operational again, so you can enjoy your stay with us. We are looking forward to welcoming you at Welcome Hotels.

FAQ

Has my data been stolen?

The analysis by the data forensic experts shows that the hacker group Conti accessed Welcome Hotels’ servers and stole certain information. We are currently investigating the data leaked by the hacker group to identify if the leak contains any personal data. As soon as we have more information, we will provide you with support and guidance where we possibly can.

How will I be informed whether my data has been stolen?

In line with our regulatory obligations, we will, as soon as is practicable, notify any individuals who we determine as being at high risk as a result of the leak of the data by Conti.

If I think I have been impacted, what can I do?

We are currently investigating which specific data was leaked by Conti and whether it contains personal data.

In general, we encourage you to be cautious of any unsolicited, unverified, or unexpected communications that ask for your personal information or refer you to a web page asking for personal information. Avoid responding to, clicking on links, or downloading attachments from suspicious email addresses.

How do I know your systems are now safe?

Together with external IT security experts, we have completely rebuilt our systems and are working on measures to further enhance security. All business at Welcome Hotels is now operational again.

Can I safely book a stay at Welcome Hotels now?

Yes, our online booking system is fully operational.

When was the IT security incident discovered?

We became aware that systems were accessed on 12th March 2022. We immediately isolated and shut down all affected systems and thus prevented further access. Further investigations and remediation also began immediately.

What action have you taken to ensure this doesn’t happen again?

We are working closely with external IT security experts and have completely rebuilt our systems.