Ransomware victim disclosure
← All victimsSH Hoteles (Spain)
Claimed by Deadlock · listed 5 days ago
Status timeline
- ListedJul 10, 2026
- Data leakeddate unknown
At a glance
- Group
- Deadlock
- Status
- Data leaked
- Country
- Spain
- Sector
- Hospitality and Tourism
- Listed on leak site
- Jul 10, 2026
About the victim
AI dossier — public-source company profileSH Hoteles is a Valencian hotel chain operating a portfolio of urban and beach properties across the Valencia and Alicante regions in Spain. The chain includes 5-star hotels, luxury resorts with spa facilities, boutique properties, and apartment complexes, catering to business travelers, tourists, and weekend visitors.
- Industry
- Hospitality & Tourism – Hotel Chain
- Address
- Multiple locations in Valencia and Alicante regions, Spain. Primary: Paseo Alameda 32, Valencia
Attack summary
Severity: medium — Confirmed data exfiltration from a multi-property hospitality chain handling guest PII and business data, but no regulated sensitive data categories explicitly confirmed in the leak post, no proof files advertised, and no ransom demanded or operational disruption stated.Deadlock claims to have accessed SH Hoteles' systems and exfiltrated data from the hotel chain. No specific details are provided regarding what data was taken or the scope of the breach.
Data the group says was taken
AI dossier — extracted from the leak post- Guest records
- Business operations data
- Booking/reservation information
What the group claims
This chain operates various urban and beach properties primarily in the Valencia and Alicante regions. Key Properties: SH Valencia Palace: A 5-star hotel located near the city center of Valencia. SH Villa Gadea: A luxury resort in Altea known for its extensive Thalasso-Spa facilities. SH Inglés: A boutique hotel situated in a renovated 18th-century palace in Valencia's historical center. Other locations: Includes properties in Jávea, Denia, and Gandía
Sources
Source
Indexed 5 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

