お知らせ
第三者による不正アクセスに伴う個人情報の流出とフィッシングサイトに誘導するメッセージの配信について
*English below
2026年2月4日
お客様各位
株式会社チョイスホテルズジャパン
東京都中央区日本橋馬喰町一丁目6-3
吉野第一ビル2階
東京都中央区日本橋馬喰町一丁目6-3
吉野第一ビル2階
第三者による不正アクセスに伴う個人情報の流出と
フィッシングサイトに誘導するメッセージの配信について
フィッシングサイトに誘導するメッセージの配信について
この度、当社のチョイスブランドに加盟する「コンフォートホテル東京東日本橋」(以下「本ホテル」といいます)に、予約サイトBooking.com(以下「Booking.com」といいます)を通じてご予約いただいた一部のお客様に対し、外部の第三者からフィッシングサイトへ誘導するメッセージが配信された件につきまして、お客様には多大なご迷惑及びご心配をおかけしておりますことを、深くお詫び申し上げます。
2026年1月21日にお知らせとして掲示いたしました「【注意喚起】弊社を装った不審なWhatsAppを通じたメッセージにつきまして」に関して、その後の調査により判明した事実について、以下のとおりご報告申し上げます。
1.事象の経緯
2026年1月21日、Booking.comを通じて本ホテルにご予約いただいた一部のお客様に対し、SNS「WhatsApp」を利用したフィッシング詐欺目的のメッセージが送信されていることが判明しました。
当社は直ちに Booking.com社が提供する予約情報管理システム(以下「管理画面」といいます)のパスワードを変更し、同日中に該当と思われるお客様へ Booking.com を通じて注意喚起のメッセージを送信するとともに、ホームページ上でも注意喚起のお知らせを公開いたしました。
その後、当社および Booking.com にて不正アクセスの状況等について調査を進めてまいりました。※「フィッシング詐欺」とは、送信者を詐称したメールやSMSを送りつけ、貼り付けたリンクをクリックさせて偽のホームページに誘導することで、クレジットカード番号などの重要な情報を盗み出す詐欺のことです。
2.調査結果
調査の結果、以下の事象が確認されました。
(1) 漏えいの原因
本ホテルが使用する管理画面のアカウントが、2026年1月19日21:15頃(日本
時間)に外部の第三者により不正アクセスを受けたものです。
(2) 個人情報が漏えいした可能性のある対象のお客様
Booking.com を通じて2026年1月19日までに本ホテルにご予約されたお客様
(うち、宿泊対象期間:2026年1月19日〜2026年12月13日のもの)
(3) 漏えいの可能性のある情報
・氏名
・電話番号
・住所のうち国名
・宿泊予約情報(予約番号、宿泊日、宿泊プランなど)
※クレジットカード番号など、決済に必要な情報は含まれておりません。
(4) 二次被害
一部のお客様がメッセージに記載されたフィッシングサイトにアクセスし、
クレジットカードで支払いを行ったとの報告を受けております。
3.お客様へのお願い
当社からお客様へ予約に関するご連絡を行う際は、Booking.com内のメッセージ機能のみを使用しております。SNSやWhatsApp等を通じてご連絡することはございません。疑わしいメッセージを受け取られた場合は、メッセージ内のURLリンクへアクセスされないよう十分ご注意ください。また、本ホテルの予約等に関して、上記のようなメッセージを受領された場合は、下記窓口までご連絡ください。
【お客様窓口】
Booking.comカスタマーサポート(24時間対応)
日本国内: 03 6743 6650
国際電話(英語): +44 20 3320 2609
【ご予約に関するお問い合わせ窓口】
コンフォートホテル東京東日本橋
電話番号 03-5645-3311
【個人情報のお取り扱いに関する苦情窓口】
株式会社グリーンズ
メールアドレス greens-koho@greens.co.jp
4.今後の対応と再発防止策
本件につきましては、関係機関などからの指摘を踏まえ、従業員への教育を再度徹底してまいります。
お客様には多大なご迷惑とご心配をおかけしておりますことを、改めて深くお詫び申し上げます。
以上
February 4, 2026
February 4, 2026
To Our Valued Customers,
Choice Hotels Japan Co., Ltd.
2Fl.,Yoshino Daiichi Bldg.,1-6-3
Nihombashi Bakuro-cho, Chuo-ku,
Tokyo, Japan
Notice Regarding Personal Information Leakage Caused by Unauthorized Access
and Distribution of Messages Leading to Phishing Websites
and Distribution of Messages Leading to Phishing Websites
We sincerely apologize for the significant inconvenience and concern caused to our customers regarding the recent incident in which phishing messages were sent by an external third party to some customers who made reservations at Comfort Hotel Tokyo Higashi Nihombashi, a hotel affiliated with our Choice Brand, (hereinafter referred to as “the Hotel”) via the online travel agent, Booking.com (hereinafter “Booking.com”).
With reference to the notice entitled “Regarding Suspicious Messages Impersonating Our Hotel via WhatsApp” which was posted on January 21, 2026, we would like to report the facts that have become clear through our subsequent investigation, as detailed below;
1. Overview of the Incident
On January 21, 2026, it was confirmed that phishing scam messages were sent via the social networking service “WhatsApp” to some customers who had made reservations at the Hotel through Booking.com.
Upon discovery, we immediately changed the password for the reservation information management system provided by Booking.com (hereinafter referred to as the “Extranet”). On the same day, we sent warning messages to the customers believed to have been affected through Booking.com and published a notice on our official website.
Thereafter, we continued our investigation into unauthorized access in cooperation with Booking.com.
*Note: A “phishing scam” refers to a fraudulent act in which emails or SMS messages disguised as being from legitimate senders are sent to recipients, inducing them to click embedded links that lead to fake websites to steal credential information such as credit card details. *
2. Results of the Investigation
As a result of our investigation, the following facts have been confirmed:
(1) Cause of the Information Leakage
An account for the Extranet used by the Hotel was subject to unauthorized access by an external third party at approximately 9:15 p.m. (Japan Standard Time) on January 19, 2026.
(2) Customers Potentially Affected
Customers who made reservations at the Hotel through Booking.com on or before January 19, 2026,
and those falling within the stay period from January 19, 2026 to December 13, 2026.
(3) Information Potentially Leaked
- Name
- Telephone number
- Country of residence
- Accommodation reservation details (reservation number, stay dates, accommodation plan, etc.)
*Please note that no credit card numbers for payment were included. *
(4) Secondary Damage
We have received reports that some customers accessed the phishing websites listed in the messages and made payments using their credit cards.
3. Request to Our Customers
Please be advised that when we contact customers regarding reservations, we do so exclusively through the messaging function in Booking.com. We do not contact customers via social networking services such as WhatsApp.
If you receive any suspicious messages, please refrain from accessing any URL links contained in the message. If you receive such messages concerning reservations at the Hotel, please contact the following support desk.
Booking.com Customer Support (24 hours)
Japan: +81-3-6743-6650
International (English): +44-20-3320-2609
Comfort Hotel Tokyo Higashi Nihombashi
Tel: +81-3-5645-3311
Greens Co., Ltd.
Email: greens-info@greens.co.jp
4. Measures and Prevention of Recurrence
In response to this incident and in consideration of guidance from relevant authorities, we will further strengthen employee training and take thorough measures to prevent any recurrence.
Once again, we sincerely apologize for the inconvenience and concern caused to our customers.
Sincerely,
With reference to the notice entitled “Regarding Suspicious Messages Impersonating Our Hotel via WhatsApp” which was posted on January 21, 2026, we would like to report the facts that have become clear through our subsequent investigation, as detailed below;
1. Overview of the Incident
On January 21, 2026, it was confirmed that phishing scam messages were sent via the social networking service “WhatsApp” to some customers who had made reservations at the Hotel through Booking.com.
Upon discovery, we immediately changed the password for the reservation information management system provided by Booking.com (hereinafter referred to as the “Extranet”). On the same day, we sent warning messages to the customers believed to have been affected through Booking.com and published a notice on our official website.
Thereafter, we continued our investigation into unauthorized access in cooperation with Booking.com.
*Note: A “phishing scam” refers to a fraudulent act in which emails or SMS messages disguised as being from legitimate senders are sent to recipients, inducing them to click embedded links that lead to fake websites to steal credential information such as credit card details. *
2. Results of the Investigation
As a result of our investigation, the following facts have been confirmed:
(1) Cause of the Information Leakage
An account for the Extranet used by the Hotel was subject to unauthorized access by an external third party at approximately 9:15 p.m. (Japan Standard Time) on January 19, 2026.
(2) Customers Potentially Affected
Customers who made reservations at the Hotel through Booking.com on or before January 19, 2026,
and those falling within the stay period from January 19, 2026 to December 13, 2026.
(3) Information Potentially Leaked
- Name
- Telephone number
- Country of residence
- Accommodation reservation details (reservation number, stay dates, accommodation plan, etc.)
*Please note that no credit card numbers for payment were included. *
(4) Secondary Damage
We have received reports that some customers accessed the phishing websites listed in the messages and made payments using their credit cards.
3. Request to Our Customers
Please be advised that when we contact customers regarding reservations, we do so exclusively through the messaging function in Booking.com. We do not contact customers via social networking services such as WhatsApp.
If you receive any suspicious messages, please refrain from accessing any URL links contained in the message. If you receive such messages concerning reservations at the Hotel, please contact the following support desk.
Booking.com Customer Support (24 hours)
Japan: +81-3-6743-6650
International (English): +44-20-3320-2609
Comfort Hotel Tokyo Higashi Nihombashi
Tel: +81-3-5645-3311
Greens Co., Ltd.
Email: greens-info@greens.co.jp
4. Measures and Prevention of Recurrence
In response to this incident and in consideration of guidance from relevant authorities, we will further strengthen employee training and take thorough measures to prevent any recurrence.
Once again, we sincerely apologize for the inconvenience and concern caused to our customers.
Sincerely,
--以下、2026年1月21日にお知らせとして掲示いたしました「【注意喚起】弊社を装った不審なWhatsAppを通じたメッセージにつきまして」--
【注意喚起】弊社を装った不審なWhatsAppを通じたメッセージにつきまして/Regarding Suspicious Messages Impersonating Our Hotel via WhatsApp│【公式】コンフォートホテル
*English below
コンフォートブランドのホテルを装った不審なメッセージ(なりすまし)が確認されました。
メールを受信されたお客様にはご不安な思いをさせてしまいましたこと、心よりお詫び申し上げます。
2026年1月21日(水)未明から、海外予約サイト「Booking.com」経由で予約されたお客様にSNS WhatsAppを通じて、クレジットカード情報入力に誘導するメッセージとリンクが届くという事象が発生しております。
当社からSNSを通じてこのようなメッセージを送ることはございません。
このようなメッセージを受信された場合は、ウイルス感染、フィッシングサイトへの誘導、不正アクセス等のリスクが高いため、添付ファイルの参照やメール本文中のURLのクリック等は行わず、即時削除していただきますようお願いいたします。
■実際にお客様に送られた不審なメッセージ
*Confirm Your Reservation*
Hello [Guest Name],
Thank you for booking with Comfort Hotel Tokyo Higashi Nihombashi for your stay from [Check-in Date] to [Check-out Date]! Your booking ID is XXXXXXXXX.
Could you please confirm your booking details and verify your reservation? No worries, no payment will be charged—a temporary hold may be placed for verification and released immediately.
Please click this link to complete the process:
[link removed]
Please note that if the verification is not completed within 24 hours, your booking may be cancelled.
Best regards,
Emma Larsen
Comfort Hotel Tokyo Higashi Nihombashi
Reservation Department
【Important Notice】Regarding Suspicious Messages Impersonating Our Hotel
We have confirmed the circulation of suspicious messages impersonating Comfort brand hotels.
We sincerely apologize for any concern or inconvenience this may have caused to our guests.
Since the early morning of Wednesday, January 21, 2026, we have identified incidents in which guests who made reservations through Booking.com received messages via the social media platform WhatsApp. These messages attempted to prompt recipients to enter their credit card information by directing them to an external link.
Please be advised that we do not send such messages via social media or messaging applications.
If you receive any suspicious messages of this nature, there is a high risk of virus infection, phishing websites, or unauthorized access.
For your safety, please do not open any attachments or click on any URLs included in the message, and delete the message immediately.
■ Example of the Suspicious Message Sent to Guests
(The following is an example of the message reported by guests.)
Confirm Your Reservation
Hello [Guest Name],
Thank you for booking with Comfort Hotel Tokyo Higashi Nihombashi for your stay from [Check-in Date] to [Check-out Date]! Your booking ID is XXXXXXXXX.
Could you please confirm your booking details and verify your reservation? No worries, no payment will be charged—a temporary hold may be placed for verification and released immediately.
Please click this link to complete the process:
[link removed]
Please note that if the verification is not completed within 24 hours, your booking may be cancelled.
Best regards,
Emma Larsen
Comfort Hotel Tokyo Higashi Nihombashi
Reservation Department
11
アーカイブ
