Best Western Hotels warns customers’ reservation data may have been leaked in breach

BWH Hotels confirmed a cyber attack on 22 April 2026 that stole customer names, emails, phone numbers, postal addresses and booking details
Attackers exploited a flaw in a web app with guest reservation data, but payment and banking information were not affected
The company took the app offline, engaged outside experts and urged customers to be wary of suspicious communications

BWH Hotels, a major global hospitality chain that operates thousands of hotels around the world, has confirmed that it has suffered a cyber attack and lost sensitive customer data.

In a data breach notice recently sent to affected individuals, the company’s Chief Technology Officer (CTO) Bill Ryan said the attack was discovered on April 22, 2026. The fraudsters stole sensitive data, including people’s names, email addresses, phone numbers and postal addresses, from an as-yet-undetermined number of people.

Reservation details, including reservation numbers, dates of stay and special requests, were also captured.

A warning to users

The data was generated between 14 October 2025 and 22 April 2026, but it was left unclear how long the crooks were lurking in BWH Hotels’ systems.

The unnamed attackers apparently found a flaw in a web application that contained certain guest reservation data, but that information did not include payment or banking information.

“When we discovered the incident, we immediately took the application offline and revoked the unauthorized access,” Ryan said The register in a written statement.

“We have engaged leading external cybersecurity experts to support our incident response efforts and to help further strengthen existing security measures.”

Ryan also urged his customers to be “extra vigilant” when they see any unexpected or suspicious communications about hotel stays.

“If you receive a suspicious communication such as an unexpected email, text, WhatsApp message or phone call asking for payment, codes, logins or ‘confirmation’, even if they refer to a BWH Hotels property or an upcoming booking, do not engage. Navigate to websites directly instead of clicking on links,” he stressed.

BWH Hotels is a global hotel group that serves as the parent organization for Best Western Hotels & Resorts, WorldHotels and SureStay Hotels. It operates about 4,300 hotels in more than 100 countries and earns more than $8.5 billion annually.