[German]A quick call to the blog readership to see if anyone has any more information on this. I have received information that there was a successful cyber attack on the H World hotel group. This would presumably also affect Steigenberger. However, I have not yet been able to find any other sources.
Who is the H World Group?
The name H World Group meant nothing to me – although the H could probably stand for hotel (but is more likely to be abbreviated to Huazhu) and the name indicates that the group operates hotels worldwide. But the internet helps – the H World Group used to operate under the name Huazhu Hotels Group. This is a Chinese company that operates several hotel chains in China and internationally. The group manages a diverse portfolio of hotels under lease, franchise and ownership models.
Their well-known brands include HanTing Hotel, JI Hotel, Orange Hotel and Hi Inn, I read in a Google search. I noticed Steigenberger and Intercity-Hotel on the group's homepage (see above). But other hotel chains such as Ibis, Acor etc. also seem to belong to the group. The management is in Chinese and German hands (Steigenberger GmbH Managing Director), if I am interpreting it correctly.
As at March 31, 2025, H World operated 11,685 hotels with 1,142,158 beds worldwide. Huazhu Hotels Group rang a bell and a search led me to the 2018 article, among others. In that year, the hotel chain "lost" booking and hotel data, and an actor offered a 140 gigabyte data package in a dark web forum. At the time, the group published this message about the incident – according to my information, 130 million guest details were affected. .
Reference to suspected cyber incident in May 2025
An unnamed source contacted me by email and wrote that about a week ago, a large part of the HWorld Group was the victim of a massive hacker attack. The source also mentioned many Steigenberger hotels in this context.
It was said that the cyberattack was presumably carried out by the Akira group, as suggested by internal emails. I can't access their leak page at the moment – and the relevant monitoring sites for ransomware attacks have not yet provided me with any hits.
But the source did tell me that, as of last week, more than five hotels (probably in German) were affected. All data was encrypted, they said. And there were clear indications that sensitive information had also been leaked.
This is said to include booking data, invoices, voucher codes and credit card details in plain text. According to my source, the latter were apparently often stored in unencrypted text files, for example when costs were accepted by corporate customers.
The source wrote that the fact that there are apparently no more backups of the data is particularly explosive. These backups were abolished years ago for cost reasons. Central systems such as key cards, payment terminals and reservation software had completely failed in the affected hotels. Bookings are currently being recorded manually, the statement said.
The source also said that the hotel group's official German website has been unavailable since the incident. I cannot confirm this, I was able to access the website – but occasionally there were loading problems. What definitely doesn't work when trying to contact their press department is the contact form. When sending it, the whole thing goes dead and ends with a gateway error.
Unconfirmed and subject to change
It is very detailed information, although I cannot verify the source. I have searched the internet as well as the group's website above but have not found anything on the web regarding the facts outlined above.
Therefore, I do not know which hotels are affected and how valid the above information is. If anyone from the readership knows anything, they can get in touch with me or comment.
A press inquiry has being sent by e-mail two days ago to the hotel group remains unanswered. Nothing was known when I contacted them by telephone. As soon as I have more recent information, I will share it.
