A criminal hacker group has obtained the personal data of tens of thousands of holidaymakers from Italian hotels, collected from ID documents required at check-in.
The group, called Mydocs, has been offering around 70,000 documents for sale online in recent days, Italian police said on Wednesday.
The breach affected high-end hotels in cities such as Venice and Trieste, as well as on the island of Capri.
According to police, the hackers illegally accessed the booking systems of various hotels starting in June. This allowed them to acquire high-resolution scans of passports, ID cards and other documents used by tourists and business travellers.
Italy's state agency for digital affairs (AgID) said the documents are now being sold on the dark web in pixelated form, with prices ranging from €800 to €10,000 ($937 to $11,714).
According to the newspaper Corriere del Veneto, one of the hotels affected is the four-star Ca' dei Conti in Venice, where 38,000 documents were reportedly stolen.
In Italy, guests must present ID at hotel check-in, which is typically copied at the reception. Many hotels now use computer systems to automate this digitization process.
