Japanese Hospitality Chain Washington Hotel Hit by Ransomware Attack
The Washington Hotel brand in Japan confirmed a ransomware incident on , resulting in the compromise of various business data. The hospitality group, operating under Fujita Kanko Inc. (WHG Hotels), has launched an internal task force and is collaborating with external cybersecurity experts to assess the scope of the breach and initiate recovery procedures.
Washington Hotel caters to business travelers and maintains 30 locations across Japan, encompassing a total of 11,000 rooms and serving approximately 5 million guests annually. The company disclosed that the intrusion was detected at on Friday. In response, IT staff immediately disconnected affected servers from the internet to contain the spread of the attack.
While the investigation is ongoing, Washington Hotel has confirmed that attackers gained access to internal business data. Crucially, the company believes customer data remains secure. According to their statement, customer information is stored on servers managed by a separate entity, and there has been no indication of unauthorized access to those systems.
The ransomware attack is currently causing some operational disruptions, most notably the temporary unavailability of credit card terminals at certain Washington Hotel properties. However, the company reports that overall operational impact has been limited. The financial implications of the incident are still under evaluation.
As of today, , no ransomware group has publicly claimed responsibility for the attack on known dark-web extortion portals monitored by security researchers. This lack of immediate attribution is not uncommon in the early stages of a ransomware incident.
Part of a Broader Trend in Japan
The attack on Washington Hotel is part of a recent surge in cyberattacks targeting Japanese organizations. Other recent incidents include breaches at global automaker Nissan, retail giant Muji (through a supplier), the Asahi brewery, and telecom giant NTT. These attacks highlight a growing threat landscape for businesses operating in Japan.
Adding to the complexity, JPCERT/CC, the Japanese national computer emergency response team, recently alerted organizations to active exploitation of a command injection vulnerability (CVE-2026-25108) in Soliton Systems’ FileZen file-sharing appliance. This appliance is widely used by Japanese companies and was also targeted in a security incident back in 2021, suggesting a persistent vulnerability and continued interest from attackers.
The FileZen vulnerability, while not confirmed to be directly related to the Washington Hotel breach, underscores the importance of proactive vulnerability management and security patching for Japanese organizations. The widespread use of the appliance makes it an attractive target for attackers seeking to compromise multiple systems simultaneously.
Washington Hotel has pledged to provide further updates as the investigation progresses and more information becomes available. The company is cooperating with law enforcement officials and cybersecurity experts to fully understand the extent of the breach and implement measures to prevent future incidents.
The incident serves as a reminder of the pervasive threat posed by ransomware to organizations across all sectors, and the critical need for robust cybersecurity defenses, incident response planning, and data protection strategies.
