Large-Scale Cyberattack Targets Italian Hotels, Stealing Guest Data

Thousands of guests in Italian hotels have been exposed to a large-scale cyberattack, as a group of cybercriminals known as "mydocs" managed to breach booking systems and steal highly sensitive personal information belonging to tens of thousands of guests. Cybersecurity experts have warned of the danger of this stolen data and the possibility of its exploitation.

Details of the Breach and Italian Agency's Confirmation

The hackers, under the pseudonym "mydocs", announced on underground hacking forums the sale of approximately 70,000 to 100,000 individual identity documents, including passport photos and ID cards, claiming they were stolen from several hotels across Italy.

Initially, these claims were met with skepticism by the cybersecurity community, but the Italian Agency for Digital Transformation (AGID) confirmed the validity of the breach in mid-August 2025, noting that the intrusions had been ongoing since June 2025.

Affected Hotels and Consequences of Data Theft

According to AGID, at least ten hotels were breached, and this number may increase in the coming weeks.

Affected hotels included Borghese Contemporary Hotel in Rome, and Ca' dei Conti in Venice (where 38,000 documents were reportedly stolen), as well as Hotel Sanpi Milano, Hotel Mediolanum, Savoia Resort, and Hotel Ercolini e Savi.

AGID stated in a press release published on its website that these data, once stolen, can be used for fraudulent purposes, such as creating forged documents, opening bank accounts, and even social engineering attacks and digital identity theft, which could have severe economic and legal consequences for the victims.

It is possible that "mydocs" exaggerated the numbers, or managed to steal sensitive data for many years, given that some of the affected hotels only have a few dozen rooms. In any case, an official investigation into the incident is currently underway.

Why is the Hospitality Sector Targeted? And Advice for Victims

The hospitality industry, due to its handling of highly sensitive data, remains among the industries most targeted by cyberattacks.

Hotels, accommodations, restaurants, event organizing agencies, and tourism companies often fall victim to attacks such as ransomware, impersonation, and data theft. Victims are advised to stay informed and vigilant regarding any incoming communications, especially emails claiming to be from Italian hotels, and to monitor their financial accounts for any suspicious activity or unauthorized credit applications.