The servers of Italian hotels have fallen victim to a massive breach, with tens of thousands of scans of tourists’ identification documents stolen and currently being sold on the dark web, warns the Italian Agency for Digitalization (Agid).
In a statement, Agid noted that “illegal sales activity involving identity documents allegedly taken from hotels operating within Italian territory” has been detected.
“This includes tens of thousands of high-resolution scans of passports, ID cards, and other forms of identification used by guests during check-in procedures,” the agency clarified.
In a series of statements over the past few days, Agid reported that nearly 100,000 documents have been compromised.
The individual behind these sales, using the alias “mydocs,” claims to have acquired the documents through “unauthorized access to computer systems between June and August 2025.”
Ten hotels in Italy have confirmed they are affected by this hacking incident; however, authorities caution that “it is possible other cases may emerge in the coming days.”
The agency also warns of the “serious consequences for victims, both economically and legally,” emphasizing that once this data is compromised, it can be exploited for fraudulent activities such as creating fake documents, opening bank accounts, and committing digital identity theft.
Cyberattacks targeting hotels and hotel booking platforms are increasingly common.
