Arcona Reports Cyber Incident: Unauthorized Data Access

Following the recent cyberattack on Arcona Hotels & Resorts, the company is providing transparent updates on the progress of ongoing investigations and outlining its roadmap for a full recovery of operations.

Progress in Stabilization and System Recovery

Over the past few days, Arcona has made significant strides in stabilizing its IT systems and is actively working towards a secure and structured relaunch. During the forensic investigation conducted by experts from Response One, it was discovered that the attackers were able to move freely across the network due to insufficient separation between the company’s various locations. The root cause of this security gap is currently under investigation, with particular attention on the proper implementation of network segmentation by an external service provider. Legal action against those responsible is being considered. The attackers’ activity has been traced back to Arcona’s headquarters in Rostock. While it is confirmed that access was gained through a VPN, the exact entry point is still being determined.

Data Breach Confirmed

Unfortunately, a data breach at the central site in Rostock has been confirmed. The investigation has proven to be particularly complex due to system encryption and limited traces left behind. Arcona is currently working closely with its data protection officer to identify which individuals or organizations may have been affected. All affected parties will be promptly informed once a thorough review of the data has been completed. For any inquiries, Arcona’s data protection office is available. CEO Alexander Winter stated: “We deeply regret that this incident, including the data breach, was caused by the attack and failures on the part of a service provider.”

Attacker Group Identified

For tactical reasons, Arcona initially withheld the name of the attacker group. However, given the scale of the incident and to counter potential extortion attempts, the company is now disclosing further information. The group responsible is the Akira ransomware group, which has been active since 2023.

Operational Success and a Cloud-Based Future

Last week, Arcona successfully and securely restored several key systems, including point-of-sale systems and technical interfaces at affected locations. The central telephone system in Rostock has also been brought back online. Meanwhile, Arcona continues to work intensively on the full restoration of its IT infrastructure. Looking ahead, the company is focusing on modern cloud-based technologies and has made a strategic decision to eliminate direct interconnectivity between locations in order to significantly strengthen its long-term IT security.

Stay tuned for more updates in our Blogs to keep up with top news in the hotel Industry.