A threat actor is allegedly selling a highly sensitive database containing approximately 7,600 scanned identity documents belonging to guests of the Borghese Contemporary Hotel in Rome, Italy. The hotel is part of the prestigious Contemporary Collection group, known for hosting international travelers. The data was advertised on a dark web forum, with the seller claiming the information was exfiltrated from the hotel’s guest management system following an unauthorized access event in early August 2025.
The seller is asking for $2,000 for the entire dataset, which they claim contains high-resolution and fully legible images of guest documents. According to the post, the data was collected as part of the hotel’s standard Know Your Customer (KYC) check-in process. The availability of such clear and personal documents poses a severe risk of identity fraud and synthetic identity creation for the affected guests, who come from various countries. The files are reportedly sorted by the guests’ country of origin and delivered in JPG format.
The compromised data allegedly includes:
- Scanned passports from international guests
- National ID cards (DNI)
- High-resolution images collected during hotel check-in
