{ "id": "8cc41752-023a-4cfb-9e0f-48288ced76cd", "created_at": "2026-04-06T00:19:56.103594Z", "updated_at": "2026-04-10T03:29:40.119808Z", "deleted_at": null, "sha1_hash": "84617d9a0ed348cb7f271f38bcc6aa134e4a2a64", "title": "Motel One discloses data breach following ransomware attack", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2969858, "plain_text": "Motel One discloses data breach following ransomware attack\r\nBy Bill Toulas\r\nPublished: 2023-10-02 · Archived: 2026-04-05 18:33:34 UTC\r\nThe Motel One Group has announced that it has been targeted by ransomware actors who managed to steal some customer\r\ndata, including the details of 150 credit cards.\r\nMotel One is a low-budget hotel chain that operates over ninety hotels with 25,000 rooms in Germany, Austria, the UK,\r\nDenmark, Belgium, the Netherlands, Spain, Poland, the Czech Republic, and the United States.\r\nAccording to the company's press release, a group of unknown attackers infiltrated its network, intending to launch a\r\nransomware attack, but had limited success thanks to its effective protective measures.\r\nhttps://www.bleepingcomputer.com/news/security/motel-one-discloses-data-breach-following-ransomware-attack/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/motel-one-discloses-data-breach-following-ransomware-attack/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\n\"The currently unknown perpetrators infiltrated the hotel operator's internal systems and most likely tried to carry out a so-called ransomware attack,\" reads the press release.\r\n\"Thanks to extensive measures, the impact was kept to a relative minimum. The business operation of one of Europe's\r\nlargest hotel groups was never at risk.\"\r\nThe company immediately engaged with IT experts to investigate and remediate the incident, while the concerned data\r\nprotection authorities were also notified accordingly.\r\nThe first results of the investigation indicate that the hackers stole customer addresses, including the details of 150 credit\r\ncards. The owners of those cards have been informed via personalized notices.\r\nBlackCat claims the attack\r\nThe hotel's claims about limited impact are directly countered by the threat actors who took responsibility for the attack, the\r\nBlackCat/ALPHV ransomware gang.\r\nThe threat group added Motel One to its extortion site on the dark web on September 30, 2023, claiming to have stolen\r\nnearly 24.5 million files, totaling 6 TB of size.\r\n\"[The stolen data] include PDF \u0026 RTF booking confirmations for the past 3 years containing names, addresses, dates of\r\nreservation, payment method, and contact information,\" reads BlackCat's announcement.\r\n\"Additionally, there is a significant amount of your customers' credit card data and internal company documents, which\r\nundoubtedly hold sensitive information.\"\r\nMotel One entry on BlackCat's extortion page (BleepingComputer)\r\nhttps://www.bleepingcomputer.com/news/security/motel-one-discloses-data-breach-following-ransomware-attack/\r\nPage 3 of 4\n\nBlackCat has given Motel One five days to negotiate the ransom payment with them; otherwise, they threaten to leak all the\r\ndata they stole from the hotel's computers.\r\nBleepingComputer has contacted Motel One to request more information about the attack and whether or not ALPHV's\r\npublic disclosure has compelled the firm to revisit its findings, but we have yet to hear back.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/motel-one-discloses-data-breach-following-ransomware-attack/\r\nhttps://www.bleepingcomputer.com/news/security/motel-one-discloses-data-breach-following-ransomware-attack/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/motel-one-discloses-data-breach-following-ransomware-attack/" ], "report_names": [ "motel-one-discloses-data-breach-following-ransomware-attack" ], "threat_actors": [ { "id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b", "created_at": "2022-10-25T16:07:23.303713Z", "updated_at": "2026-04-10T02:00:04.530417Z", "deleted_at": null, "main_name": "ALPHV", "aliases": [ "ALPHV", "ALPHVM", "Ambitious Scorpius", "BlackCat Gang", "UNC4466" ], "source_name": "ETDA:ALPHV", "tools": [ "ALPHV", "ALPHVM", "BlackCat", "GO Simple Tunnel", "GOST", "Impacket", "LaZagne", "MEGAsync", "Mimikatz", "Munchkin", "Noberus", "PsExec", "Remcom", "RemoteCommandExecution", "WebBrowserPassView" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434796, "ts_updated_at": 1775791780, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/84617d9a0ed348cb7f271f38bcc6aa134e4a2a64.pdf", "text": "https://archive.orkl.eu/84617d9a0ed348cb7f271f38bcc6aa134e4a2a64.txt", "img": "https://archive.orkl.eu/84617d9a0ed348cb7f271f38bcc6aa134e4a2a64.jpg" } }