HackerFeeds
All ransomware incidents
sh-hoteles.com

Ransomware group Deadlock hits SH Hoteles (Spain)

MEDIUM
·Hospitality and Tourism·ES·2026-07-10

SH Hoteles (Spain) — a hospitality and tourism target operating in ES has been listed by the Deadlock ransomware group on 2026-07-10. The information below reflects what the threat actor has publicly claimed on their leak site; the details have not been independently verified.

Incident Report

Target OrganizationSH Hoteles (Spain)
Threat Group
Deadlock
SummaryThis chain operates various urban and beach properties primarily in the Valencia and Alicante regions. Key Properties: SH Valencia Palace: A 5-star hotel located near the city center of Valencia. SH Villa Gadea: A luxury resort in Altea known for its extensive Thalasso-Spa facilities. SH Inglés: A boutique hotel situated in a renovated 18th-century palace in Valencia's historical center. Other locations: Includes properties in Jávea, Denia, and Gandía
Date of Breach2026-07-10
Discovery Date2026-07-10
RegionES
Target Domainwww.sh-hoteles.com
Business SectorHospitality and Tourism
Severity
MEDIUM

Claim by Deadlock

This chain operates various urban and beach properties primarily in the Valencia and Alicante regions. Key Properties: SH Valencia Palace: A 5-star hotel located near the city center of Valencia. SH Villa Gadea: A luxury resort in Altea known for its extensive Thalasso-Spa facilities. SH Inglés: A boutique hotel situated in a renovated 18th-century palace in Valencia's historical center. Other locations: Includes properties in Jávea, Denia, and Gandía

Posted by the Deadlock threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.

Sources

Victim website

www.sh-hoteles.com

Leak post (onion / Tor)

tor

https://www.swisstransfer.com/d/555aeaa9-5d97-413a-8032-07e569049e3f

Open this URL in Tor Browser. Browsing leak sites carries real risk — view passively, never click further.

Disclaimer

HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.