Stolen Data from Vacationers in Italy and Mallorca
Headline: Cybercriminal Group Sells Stolen High-Resolution ID Documents from Italian and Spanish Hotels
A cybercriminal group, known as “mydocs,” has stolen and sold tens of thousands of high-resolution scans of passports, ID cards, and other personal documents from guests of multiple Italian and Spanish hotels on the dark web between June and August 2025.
The breach affected at least ten hotels, including the Ca' dei Conti hotel in Venice, Italy, where 38,000 documents were stolen, Casa Dorita in Milano Marittima, Regina Isabella in Ischia, Hotel Continentale in Trieste, and a luxury hotel on Mallorca, Spain. The hackers gained unauthorized access to hotel booking and check-in systems to extract these scanned IDs, which were then posted for sale in various batches on dark web forums. Prices for these batches ranged from 800 to 10,000 euros.
The stolen data, although some images had blurred faces, remains highly valuable for identity theft and fraud. The consequences of this data leak are severe, as stolen documents can be used to create fake identity documents, open fraudulent bank accounts or credit lines, launch social engineering attacks, commit digital identity theft, and lead to financial loss and legal problems for victims.
Italian authorities, including the Agency for Digital Italy (AgID) and the Italian Data Protection Authority (Garante), have launched investigations into the matter. Hotels have been advised to strengthen security measures, promptly notify affected customers, and use secure guest registration systems like the state police’s Alloggiati web portal. Guests are urged to be vigilant for scams or phishing attempts using their stolen data.
This incident underscores the critical vulnerabilities in hotel data handling and the need for robust cybersecurity practices to protect sensitive customer information in the hospitality sector. Foreign hotel guests' data has also been accessed by the hackers, but the authorities did not provide further information on their nationality. Many hotels in Italy now use computer systems for automated digitization of identification documents, making them more susceptible to cyberattacks.
[1] [Source 1] [2] [Source 2] [3] [Source 3] [4] [Source 4] [5] [Source 5]
- The community policy of hotels in Italy and Spain should incorporate stringent cybersecurity measures to protect guests' personal information, following the theft and sale of tens of thousands of high-resolution ID documents by the cybercriminal group "mydocs."
- In light of the stolen data leak, employment policies within the hospitality sector must prioritize staff training on cybersecurity best practices to prevent similar incidents in the future, keeping in mind the increased vulnerabilities posed by automated digitization systems.
- General-news outlets and lifestyle magazines should cover the impact of the "mydocs" cyberattack on consumers, emphasizing the importance of staying informed about the latest cybersecurity threats, especially when traveling, to protect oneself from identity theft and fraud.
