A threat actor has allegedly put a massive database of sensitive guest information up for sale on a dark web forum. The data is claimed to originate from Hotel Ca’ dei Conti, a prestigious 4-star boutique hotel located in the heart of Venice, Italy. According to the post, the data was exfiltrated through an unauthorized access event that allegedly took place in July 2025. This breach targets the sensitive Know Your Customer (KYC) data that hotels are required to collect from guests during the check-in process.
The compromised data is particularly alarming due to its nature and scale. The seller claims to possess over 38,000 high-resolution scanned documents belonging to international guests. The availability of such clear and legible identity documents, including passports and national ID cards from countries like Spain, France, and Italy, poses a severe risk of identity theft, financial fraud, and the creation of synthetic identities for other malicious purposes.
The hotel, known for hosting travelers from around the globe, now faces a significant security incident that could have far-reaching consequences for the thousands of former guests whose personal information is now exposed. The threat actor is offering the entire collection of data in JPG format, sorted by the country of origin, making it easier for potential buyers to exploit.
The leaked data allegedly includes:
- High-resolution scans of guest passports
- High-resolution scans of guest national ID cards (DNI)
