Ransomware victim disclosure
← All victimsLopesan Hotels
Claimed by Ransomhouse · listed 2 years ago
Status timeline
- ListedApr 16, 2024
- Data leakeddate unknown
At a glance
- Group
- Ransomhouse
- Status
- Data leaked
- Country
- Austria
- Sector
- Hospitality and Tourism
- Listed on leak site
- Apr 16, 2024
- Data size
- 743 GB
- Ransom demanded
- $740
About the victim
AI dossier — public-source company profileLopesan Hotels is a Spanish hospitality company operating a portfolio of resort and hotel brands across multiple European and Caribbean destinations, including properties in Gran Canaria, Fuerteventura, the Dominican Republic, Austria, and Germany. The group manages multiple hotel collections and resort chains under various brand names, serving leisure and vacation markets.
- Industry
- Hospitality & Tourism — Hotel & Resort Operations
Attack summary
Severity: high — 743 GB of exfiltrated data from a major hospitality operator likely includes guest personal information, payment records, and operational data. Hospitality sector breaches typically involve PII at scale and payment card data, raising regulatory and reputational concerns, even without explicit confirmation of sensitive data types in the post.Ransomware operator Ransomhouse claims to have encrypted Lopesan Hotels' systems. The leaked dataset comprises 743 GB of data, though the specific nature and sensitivity of exfiltrated information are not detailed in the available post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Business operations data
- Guest/customer records
- Financial records
- Internal databases
What the group claims
Lopesan Hotels: makers of happy memories. At the Lopesan Hotel Group we want all of our guests to enjoy an unforgettable experience during their holidays. Our establishments offer multiple isure wellbeing options, meticulous and exquisite gastronomy and all the amenities that a good hotel room deserves. Our different brands try to respond to the needs of the most demanding guests. The Lopesan, IFA and Abora by Lopesan Hotels brands have been created with the aim of having everyone find exactly what they seek for their holidays, whether it is fun accommodation in the most touristic area of Gran Canaria or a comfortable apartment in the Austrian mountains.Our aim is to make happy memories. Therefore, every time you visit a Lopesan hotel or resort our team will be ready to offer you the warmest welcome. We will assist you and help you to resolve any queries or questions, we will offer you information about your destination and we will do everything within our power to ensure your holidays are idyllic and perfect.
The leak post
captured from the group's site```
{"data":[{"id":"a1894b76b7004c75a3a0845799af49956592e3d9","display":"animated","header":"HOT NEWS","info":" Trellix is a global cybersecurity company.","url":"","sort":1,"views":"436242"},{"id":"336b257f582b17573c97578efd4b22762bf77344","sort":2,"header":"Trellix (McAfee & FireEye)","url":"https://www.trellix.com/","private":"false","revenue":"1.5-2 B$","employees":"5000","info":"Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. The companys open and native extended detection and response (XDR) platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security","statusDate":"DEPENDS ON YOU","status":"EVIDENCE","published":"NOT YET","action":"Encrypted","actionDate":"17/04/2026","volume":"~","content":"cybersecurity.html"…Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

