HWGL
Company Details
Linkedin ID:
huazhugrouplimited
Website:
Employees number:
3,544
Number of followers:
13,327
NAICS:
7211
Industry Type:
Homepage:
hworld.com
IP Addresses:
0
Company ID:
H W_3266501
Scan Status:
In-progress
H World Group Limited Company CyberSecurity Posture
hworld.com
Originating in Shanghai, China in 2005, H World Group Limited (NASDAQ: HTHT; HKEX: 01179) is a leading player in the global hotel industry. H World operates more than 11,000 hotels with 1 million + rooms across 19 countries, creating over 200,000 jobs. Our diverse portfolio includes hotel and apartment brands ranging from luxury to economy. In China, our brands include: Ji Hotel, Joya Hotel, Blossom House, Grand Madison, Crystal Orange Hotel, Manxin Hotel, Madison, CitiGO Hotel, Orange Hotel, HanTing Hotel, Starway Hotel, Ibis, Hi Inn, Ni Hao Hotel, CJIA Apartment, and Suisse Place Apartment Hotel. We also partner with global brands such as Novotel, Mercure, Grand Mercure, and Citadines. In January 2020, H World successfully acquired Deutsche Hospitality (DH), which was officially rebranded as H World International. This international brand family includes: Steigenberger ICONS, Steigenberger Porsche Design Hotels, Steigenberger Hotels & Resorts, Jaz in the City, House of Beats, IntercityHotel, MAXX, and Zleep Hotels. Our loyalty program, H Rewards, serves over 270 million members, offering comprehensive accommodation and travel services. It has become one of the most efficient direct-to-customer networks in the industry.
H World Group Limited A.I CyberSecurity Scoring
HWGL Risk Score (AI oriented)Between 750 and 799
HWGL
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
HWGL Global Score (TPRM)XXXX
HWGL
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
HWGL Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Huazhu Group Limited
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Personal data and booking information from 13 hotels operated by Huazhu Hotels Group has been leaked. It is the largest data breach in China in five years. A post on a Chinese dark web forum titled “Huazhu-owned hotels booking data” claimed to be selling personal data and information of customers from Huazhu-owned hotels. 130 million customers are believed to be affected by the breach. Leaked information potentially includes 240 million lines of data containing phone numbers, email addresses, bank account numbers, and booking details.
HWGL Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for HWGL
Incidents vs Hospitality Industry Average (This Year)
No incidents recorded for H World Group Limited in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for H World Group Limited in 2025.
Incident Types HWGL vs Hospitality Industry Avg (This Year)
No incidents recorded for H World Group Limited in 2025.
Incident History — HWGL (X = Date, Y = Severity)
HWGL cyber incidents detection timeline including parent company and subsidiaries
HWGL Company Subsidiaries
Originating in Shanghai, China in 2005, H World Group Limited (NASDAQ: HTHT; HKEX: 01179) is a leading player in the global hotel industry. H World operates more than 11,000 hotels with 1 million + rooms across 19 countries, creating over 200,000 jobs. Our diverse portfolio includes hotel and apartment brands ranging from luxury to economy. In China, our brands include: Ji Hotel, Joya Hotel, Blossom House, Grand Madison, Crystal Orange Hotel, Manxin Hotel, Madison, CitiGO Hotel, Orange Hotel, HanTing Hotel, Starway Hotel, Ibis, Hi Inn, Ni Hao Hotel, CJIA Apartment, and Suisse Place Apartment Hotel. We also partner with global brands such as Novotel, Mercure, Grand Mercure, and Citadines. In January 2020, H World successfully acquired Deutsche Hospitality (DH), which was officially rebranded as H World International. This international brand family includes: Steigenberger ICONS, Steigenberger Porsche Design Hotels, Steigenberger Hotels & Resorts, Jaz in the City, House of Beats, IntercityHotel, MAXX, and Zleep Hotels. Our loyalty program, H Rewards, serves over 270 million members, offering comprehensive accommodation and travel services. It has become one of the most efficient direct-to-customer networks in the industry.
Loading...
HWGL Similar Companies
Delaware North
Delaware North is a global leader in the hospitality and entertainment industry. The company annually serves more than a half-billion guests across three continents, including at high-profile sports venues, airports, national and state parks, restaurants, resorts, hotels and casinos. Building on mor
Country Club
Country Club India Ltd is one of the fastest growing entertainment and leisure conglomerate in India. A Multi-Million dollar entity and a listed company on BSE (Bombay Stock Exchange), CCIL is a pioneer in the concept of family clubbing in the country. CCIL has established 205 properties of which 50
MGM Resorts International
The resorts and casinos of MGM Resorts International™ are some of the most famous in the world. Our 28 destinations are renowned for their winning combination of quality entertainment, luxurious facilities, and exceptional customer service. We are actively expanding our presence globally, with pot
Meliá Hotels International
Welcome to Meliá Hotels International! From Mallorca to the world, our story is an exciting journey that began more than six decades ago and has led us to become one of the largest hotel chains on the planet and the most sustainable in Europe (S&P Global). With more than 400 hotels across the worl
Taj Hotels
Established in 1903, Taj is The Indian Hotels Company Limited’s (IHCL) iconic brand for the world’s most discerning travellers seeking luxury and authentic experiences. Taj has been rated as India’s Strongest Brand across all sectors for an unprecedented fourth time and also as the World’s Strongest
Best Western Hotels & Resorts
Best Western Hotels & Resorts headquartered in Phoenix, Arizona, is a privately held hotel company within the BWH℠ Hotels global enterprise. With 19 brands and approximately 4,300 hotels in over 100 countries and territories worldwide*, BWH Hotels suits the needs of developers and guests in every ma
Four Seasons Hotels and Resorts opened its first hotel in 1961, and since that time has been dedicated to perfecting the travel experience through continual innovation and the highest standards of hospitality. Currently operating more than 120 hotels and resorts, and more than 50 residential propert
With over 500 properties worldwide, Marriott Hotels has reimagined hospitality to exceed the expectations of business, group, and leisure travelers. Marriott Hotels, Marriott’s flagship brand of quality-tier, full-service hotels and resorts, provides consistent, dependable and genuinely caring
Kerzner International
Kerzner International has built a diverse collection of iconic brands and luxury properties, earning international acclaim for pioneering destination-defining hospitality, delivering unrivalled service, and curating transformative guest experiences. We are renowned for creating hospitality brands
.png)
HWGL CyberSecurity News
November 24, 2025 10:36 AM
H World Group's (NASDAQ:HTHT) Earnings Offer More Than Meets The Eye
H World Group Limited's ( NASDAQ:HTHT ) recent earnings report didn't offer any surprises, with the shares unchanged...
November 20, 2025 10:51 AM
H World Group Limited (NASDAQ:HTHT) Released Earnings Last Week And Analysts Lifted Their Price Target To US$49.24
H World Group Limited ( NASDAQ:HTHT ) just released its latest quarterly results and things are looking bullish...
November 19, 2025 08:00 AM
EY US - Home | Building a better working world
Our commitment to audit quality. At EY US, we are bringing our bold vision for the future of audit to life with quality at the center,...
November 17, 2025 12:00 PM
H World Group (NASDAQ: HTHT) Q3 Adjusted EBITDA Rises to RMB 2.5B on Asset-light Growth
H World reports Q3 revenue of RMB 7.0B and GMV of RMB 30.6B, with franchised hotel revenue up 27.2% to RMB 3.3B and adjusted EBITDA of RMB...
November 17, 2025 08:00 AM
H World Group Reports Solid Q3 2025 Results with Enhanced Profitability and Continued Network Expansion
H World Group Limited (NASDAQ: HTHT; HKEX: 01179), one of the world's leading hospitality groups, delivered strong third-quarter results for...
November 03, 2025 08:00 AM
H World (NASDAQ: HTHT) to run 20,000 hotels by 2030 under quality-led growth
Targets 2000 Chinese cities and approximately 15% share by 2030. H Rewards exceeds 280 million members; 12000 properties across 19 countries...
November 03, 2025 08:00 AM
H World Group Marks 20th Anniversary and Unveils Quality-Driven Growth Strategy
H World Group Limited (NASDAQ: HTHT) (HongKong: 01179), a leading global hospitality group, marked its 20th anniversary by announcing a new...
October 27, 2025 07:00 AM
How the Narrative Surrounding H World Group Is Evolving Amid New Analyst Forecasts and Expansion
H World Group stock has seen a slightly higher Fair Value Estimate, with analysts now projecting $45.01 per share, up from $43.91.
September 22, 2025 07:00 AM
43 Top Cybersecurity Companies to Know 2025
These companies block online threats, assess industry vulnerabilities and increase education and awareness about cybersecurity.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
HWGL CyberSecurity History Information
Official Website of H World Group Limited
The official website of H World Group Limited is https://www.hworld.com/.
H World Group Limited’s AI-Generated Cybersecurity Score
According to Rankiteo, H World Group Limited’s AI-generated cybersecurity score is 791, reflecting their Fair security posture.
How many security badges does H World Group Limited’ have ?
According to Rankiteo, H World Group Limited currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does H World Group Limited have SOC 2 Type 1 certification ?
According to Rankiteo, H World Group Limited is not certified under SOC 2 Type 1.
Does H World Group Limited have SOC 2 Type 2 certification ?
According to Rankiteo, H World Group Limited does not hold a SOC 2 Type 2 certification.
Does H World Group Limited comply with GDPR ?
According to Rankiteo, H World Group Limited is not listed as GDPR compliant.
Does H World Group Limited have PCI DSS certification ?
According to Rankiteo, H World Group Limited does not currently maintain PCI DSS compliance.
Does H World Group Limited comply with HIPAA ?
According to Rankiteo, H World Group Limited is not compliant with HIPAA regulations.
Does H World Group Limited have ISO 27001 certification ?
According to Rankiteo,H World Group Limited is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of H World Group Limited
H World Group Limited operates primarily in the Hospitality industry.
Number of Employees at H World Group Limited
H World Group Limited employs approximately 3,544 people worldwide.
Subsidiaries Owned by H World Group Limited
H World Group Limited presently has no subsidiaries across any sectors.
H World Group Limited’s LinkedIn Followers
H World Group Limited’s official LinkedIn profile has approximately 13,327 followers.
NAICS Classification of H World Group Limited
H World Group Limited is classified under the NAICS code 7211, which corresponds to Traveler Accommodation.
H World Group Limited’s Presence on Crunchbase
No, H World Group Limited does not have a profile on Crunchbase.
H World Group Limited’s Presence on LinkedIn
Yes, H World Group Limited maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/huazhugrouplimited.
Cybersecurity Incidents Involving H World Group Limited
As of November 27, 2025, Rankiteo reports that H World Group Limited has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
H World Group Limited has an estimated 13,641 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at H World Group Limited ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak.
Incident Details
Can you provide details on each incident ?
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Data Leak.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach HUA195951122
Data Compromised: Phone numbers, Email addresses, Bank account numbers, Booking details
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Phone Numbers, Email Addresses, Bank Account Numbers, Booking Details and .
Which entities were affected by each incident ?
Incident : Data Breach HUA195951122
Entity Name: Huazhu Hotels Group
Entity Type: Corporation
Industry: Hospitality
Location: China
Customers Affected: 130 million
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach HUA195951122
Type of Data Compromised: Phone numbers, Email addresses, Bank account numbers, Booking details
Number of Records Exposed: 240 million lines of data
Sensitivity of Data: High
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were phone numbers, email addresses, bank account numbers, booking details and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were email addresses, phone numbers, booking details and bank account numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 240.0M.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=huazhugrouplimited' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
