Brit Hotel: 682,000 loyalty programme members in a data leak
On 15 April 2026, threat actor HexDex offered for sale a database stolen from French hotel chain Brit Hotel, exposing 682,662 loyalty-programme members along with emails, phone numbers, postal addresses and a decade of reservation history (2016–2026).
- Victim
- Brit Hotel
- records
- 682.7K
On 15 April 2026, Brit Hotel — a French hotel chain with more than 180 establishments across the country — was hit by a major data leak when the threat actor known as HexDex advertised a database stolen from its loyalty programme for sale on a cybercrime forum.
The exposed database covers nearly a decade of activity, spanning reservations from 2016 to 2026. According to the listing, it contains 682,662 loyalty-programme member accounts and 236,549 lines of detailed reservation records, making it especially sensitive because of the depth of historical customer data involved.
The leaked data included:
- 682,662 loyalty-programme member profiles
- 664,275 unique email addresses
- 353,969 unique phone numbers
- 177,318 unique full postal addresses
- Reservation and booking histories (2016–2026)
Brit Hotel informed its customers of the breach. The exposed information creates a significant risk of targeted phishing, identity theft, financial fraud and travel-related scams that exploit victims' real reservation details. The exact intrusion vector was not disclosed.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/brit-hotel-682-000-membres-du-programme-fidelite-dans-une-fuite-de-donnees/
- frenchbreaches.comhttps://frenchbreaches.com/blog/fuite-massive-chez-brit-hotel-682-000-clients-exposes-avec-10-ans-dhistorique