1. What happened?
The Motel One Group became a victim of a targeted hacker attack. Perpetrators, who have not been identified yet, have penetrated the protected IT system The perpetrators stole data and presumably tried to carry out a so-called ransomware attack. The perpetrators did not succeed in "paralysing" the IT structure. Business operations are running smoothly. Future reservations were also never at risk.
Motel One took immediate action after discovering the theft and is working closely and trustfully with the police, data protection authorities and experienced IT security service providers. The traces of the break-in and the extent of the data theft are currently being evaluated.
2. What data is affected?
According to current knowledge, mainly old invoice data has been stolen, which we have stored within the legal retention periods. The invoices contain the data of your stay, your first and last name, the postal address of the invoice recipient and the payment method (e.g. invoice or Visa/Mastercard). The stolen invoice data generally does not contain a full credit card number or bank details, email address or telephone contact details.
In addition, the perpetrators stole around 150 very specific credit card data from another database. We have already personally informed the affected cardholders about the theft.
We will of course contact any other affected individuals directly if the ongoing investigation should reveal further indications of special risks.
If you have any questions, please contact us at any time at: firstname.lastname@example.org
3. What steps has Motel One taken in response to the hacker attack?
We forensically examined the entire IT system immediately after becoming aware of the hacker attack and ensured that no further personal data could be stolen.
In addition, we have informed the competent data protection authorities about the hacker attack and filed a criminal complaint with the police. The police are investigating in close cooperation with our IT experts to find the perpetrator(s).
We are currently analysing the data affected by the attack in great detail and are being supported by a certified IT security service provider. At the moment, we assume that only the named data has been stolen and that our systems are working securely. No malware was found during a comprehensive screening. The way the burglar or burglars have found to penetrate our protected system is known and has been "closed" immediately.
4. What measures has Motel One taken to protect my data?
We take the protection of your personal data very seriously. We have comprehensive and high security standards to protect your personal data. You can be sure that your data is protected by us. The fact that there has nevertheless been a successful break-in into our systems shows the high criminal energy of the hacker group.
5. What consequences do I have to fear from the hacker attack?
We currently assume that predominantly our guests' address and billing data has been stolen. The stolen billing data does not contain any e-mail address or telephone contact details.
We generally advise you to be careful - regardless of the data theft that has now occurred. In general, you should continue to be alert - as always - if someone tries to get you to behave in certain ways using your contact details, in particular to disclose further confidential information or to make payments.