Overview

• On August 14, Italy’s national digital agency disclosed the illegal sale of almost 100,000 high-resolution scans of passports and identity cards taken at hotel check-in.
• Authorities have confirmed that at least ten Italian hotels were compromised between June and August, with investigations ongoing into further affected properties.
• A dark web vendor using the pseudonym “Mydocs” claims to have accessed hotel check-in servers without authorization to obtain the documents.
• High‐quality identity files pose serious fraud risks for travelers, including fake document creation, unauthorized bank account openings and digital impersonation.
• The breach underscores recurring cybersecurity vulnerabilities within hotels and booking platforms following previous attacks on major hospitality groups.