BWH Hotels
October 14, 2025
•[ unauthorized access, guest reservation data, web application vulnerability ]
BWH Hotels disclosed that an unauthorized third party gained access to a web application containing some guest reservation data. The intrusion was discovered on April 22, 2026, and investigation found access dating back to October 14, 2025. BWH Hotels took the compromised application offline after discovery and worked with external security experts. Public reporting did not identify a named cybercrime group, quantify affected individuals or records, or confirm payment-data exposure, encryption, data destruction, or attacker-caused operational disruption.
