INFORMATION INDEX

HOTEL CYCLE

2026/01/05

NOTICE: Preventing Future Unauthorized Access to Our Reservation System

HOTEL CYCLE

2026/01/05

On September 4, 2025, an incident occurred in which phishing emails masquerading as HOTEL CYCLE (operated by ONOMICHI U2) were sent to some guests who had made reservations through our hotel reservation management system. These emails directed recipients to a link requesting the entry of personal information and credit card numbers.

In response, we reported the incident to the police, and also hired an external firm to investigate how the attackers gained access to the reservation system IDs and passwords. The findings of this investigation are reported below along with measures taken to prevent similar incidents in the future.

 

Findings of the External Investigation

 

1. On the entry of IDs and passwords into fraudulent websites:
After examining the browser history of our company’s computers (PCs), investigators found no evidence of access to fraudulent sites. Furthermore, there was no access to our systems from non-authorized domains, and all recorded access to the sign-in screen occurred through the official site.

2. On the theft of credentials via external access:
A review of the login history on the company’s PCs showed only local connections, finding no evidence of external intrusion into the hardware.

3. On the theft of credentials via malware:
None of the company’s PCs were found to be infected with malicious files (malware) capable of stealing authentication information (IDs/passwords).

 

Prevention of Future Incidents

 

Although the investigation did not confirm any direct unauthorized access to the reservation system, there remains a possibility that the system was accessed using account information from our internal reservation emails. Consequently, we have implemented the following measures:

● Updated internal password protocols to include two-step authentication.

●Requested that reservation system provider strengthen their security and changed of our access to Two-Factor Authentication.

● Conducted security training for our staff based on the findings provided by the external investigation firm.

 

 

We sincerely apologize for the concern and inconvenience caused to our guests and all affected parties. We will continue to prioritize security, and thank you for your understanding.

 

【Inquiries】
HOTEL CYCLE, ONOMICHI U2

Email to reservation@onomichi-u2.com