Frequently asked questions about the data protection incident

As of 30 January 2024

For Motel One, the trust of our guests is our most precious asset.
In particular, the protection of your personal data is our top priority.
Despite stringent security measures, Motel One was affected by a data protection incident due to a hacker attack last year, which we would like to inform you about:

1. What happened?

Last year, we became the target of a hacker attack in which perpetrators were able to penetrate our secure IT system. We acted immediately upon discovering the hacker attack and investigated the incident with the police, data protection authorities and experienced IT security service providers. We forensically examined the entire IT system. At the same time, we ensured that no further personal data could be stolen. The hacker group had published the stolen data on the Dark Net. However, as far as we are currently aware, the corresponding page on the Dark Net has since been removed.

2. Which data is affected?

Mainly old invoice data was stolen. These invoices include in particular the postal address information of the relevant invoice recipient. In addition, in a few cases the perpetrators stole very specific credit card data from another database, of which the majority were company credit cards. We immediately informed the affected cardholders about the theft. In addition, in certain individual cases contact details (e.g. postal address, e-mail address and/or telephone number) were affected. We have, of course, contacted any other affected individuals directly if the investigation revealed indications of particular data protection risks.

3. Is the data being misused?

Neither we nor the investigating authorities are aware of any attempt to misuse the stolen data. With the support of IT specialists, we have fully investigated the incident and examined all of the stolen data. At the same time, it is crucial for us to ensure that a similar incident cannot happen again.

4. How could this happen?

As you may have already gathered from the media, the number and intensity of cyber attacks are constantly increasing. In the last twelve months, a large number of European companies have fallen victim to cyber attacks.

Safety is an ongoing process that we at Motel One take very seriously. We continuously invest in the protection of our systems and data. However, despite professional security precautions, cyber attacks cannot always be completely prevented. Unfortunately, the fact that there was a successful cyber attack on our systems despite the stringent security precautions shows the high criminal intent of the perpetrators.

5. What steps did Motel One take in response to the hacker attack?

As soon as we became aware of the hacker attack, we forensically examined the entire IT system and ensured that no further personal data could be stolen. At the same time, we have taken precautions with our IT security experts to ensure that a similar incident cannot happen again. We also informed the relevant data protection authorities about the hacker attack and reported the criminal offence to the police.

6. What measures has Motel One taken to protect my data?

We take the protection of your personal data very seriously and have taken several important steps to ensure the security of your information and to respond appropriately to the data protection incident.

We analysed the entire stolen database with the support of a certified IT security service provider. Based on the findings of our investigation, we assume that only the aforementioned data has been stolen and that our systems are secure. No malware was found during comprehensive screening. The route that the intruder or intruders found to penetrate our protected system was identified and immediately ‘closed’.

We have comprehensive and high security standards to protect your personal data, which are continuously reviewed and updated. Please rest assured that we are doing everything in our power to minimise the impact of this incident and to ensure the security of your data.

7. What consequences could I face as a result of the hacker attack?

The stolen invoice data generally does not contain an email address or telephone contact details. Therefore, contact could only be made by post to the address given to us. Only in certain individual cases, contact details such as the postal address, email address and/or telephone number may also be affected. We have of course informed the affected individuals personally in accordance with the legal requirements.

We recommend that you pay particular attention to the general principles for the use of digital media, such as those laid down by the Federal Office for Information Security (BSI), especially in view of the generally increased cyber threat situation. Information and recommendations for how to act in the event of cyber incidents and when using digital media can be found at

www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/informationen-und-empfehlungen_node.html

Further information in connection with cybercrime can be found on the website of the FBI at

www.fbi.gov/how-we-can-help-you/safety-resources/scams-and-safety/on-the-internet

We advise you to watch out for suspicious communications from third parties and not to disclose confidential information to unknown persons.

8. What does the hacker attack mean for my existing and future hotel bookings?

The hacker attack will not affect your existing and future hotel bookings. Business operations in our hotels were not and are not affected by the hacker attack. We would like to assure you that the data protection incident has no impact on the quality and efficiency of our booking and service processes. We still aim to provide you with a smooth and enjoyable booking experience. Our teams work tirelessly to ensure that our services and offerings meet the usual high standard.

9. Do I have to report a criminal offence to the police?

We have informed the relevant supervisory authorities and have filed criminal charges. If you have any evidence of the misuse of your data, e.g. if you notice that your data is being misused or you are contacted by third parties regarding your data, you can report this at your local police station.

10. Has there been any damage?

To the best of our knowledge, no material damage to our guests has been caused, not even to the credit card holders affected by the data protection incident. If you have any evidence of misuse of your data, please contact us immediately at privacy@motel-one.com.

11. What future precautions are you taking to prevent this from happening again?

We are working closely with experienced information and IT security experts and the relevant authorities to ensure the highest possible level of data security at all times. Even though our systems and organisational instructions are continuously updated, attacks cannot be ruled out in our company or in any other IT system in the world. According to the police, about 6,000 companies report hacker attacks every year in Germany alone and the number of unreported cases is many times greater. We will continue to do everything possible to protect ourselves against attacks on our IT.

12. Who can I contact if I have questions or concerns?

If you have any questions or concerns, please contact us at any time at privacy@motel-one.com. You can also contact our Data Protection Officer at mail@kinast.eu.

 

 

