Ransomware victim disclosure
← All victimsJS Hotels
listed as jshotels.com · Claimed by Lockbit5 · listed 4 days ago
Status timeline
- ListedJul 11, 2026
- Data leakeddate unknown
At a glance
- Group
- Lockbit5
- Status
- Data leaked
- Country
- Jordan
- Sector
- Hospitality and Tourism
- Listed on leak site
- Jul 11, 2026
About the victim
AI dossier — public-source company profileJS Hotels is a Mallorca-based hotel management and ownership company founded in 1956. They operate 13 hotel properties across premium locations in Mallorca, Spain, offering full-service accommodations with spa, wellness, and dining facilities across multiple price categories and guest segments.
- Industry
- Hospitality & Tourism — Hotel Management & Operations
- Address
- Multiple locations, Mallorca, Spain
- Founded
- 1956
Attack summary
Severity: high — Confirmed data exfiltration from a multi-property hospitality operator managing guest data across 13 hotels; likely includes PII (guest booking records, contact details) at scale. No operational disruption stated, but data publication indicates access to sensitive business and personal information.LockBit5 claims to have breached JS Hotels and exfiltrated data. The group has published data, though the specific data categories and operational impact are not detailed in the available post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- guest records
- booking/reservation data
- employee information
- financial records
- operational systems data
What the group claims
JS Hotels owns and manages ten hotel properties scattered all over Majorca. We pride ourselves on cu...
Sources
Source
Indexed 4 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

