Summer 2025 – a cybersecurity nightmare: Over 70,000 identity documents were stolen from hotel servers and sold on the Dark Web. The CERT-AGID alert and the intervention of the Postal Police revealed one of the most severe data breaches in the tourism sector. 1
A high-resolution copy is a gateway to identity theft, banking fraud, and document forgery.
What to Do in Hotels:
- Do not leave your original or a photocopy of your document – Italian law does not permit retention or copying; they can only ask to view it.
- Allow only visual inspection – no copy is necessary. 2
- If a copy is unavoidable: clearly mark it as “Copy,” redact unnecessary data, and destroy it immediately after use.
Personal Anecdote:
Recently I encountered an unattended hotel reception by myself, with an unlocked computer in the lobby, and a lot of scanned documents right on the desktop, visible to anyone passing by. A chilling situation.
Conclusion:
Keep your document with you, avoid making copies, and protect your identity.
- CERT-AGID – “In vendita documenti di identità trafugati da hotel italiani” ↩︎
- GDPRWise – “Hotel guest passports and ID cards: do’s and don’ts” ↩︎
19.08.2025 Note:
This text is primarily intended for travellers, offering advice on how to protect their personal data. At the same time, the recommendations may also be useful for hospitality providers aiming to strengthen their procedures – for example, by collecting only strictly necessary data and ensuring that ID scanners transfer information directly into the hotel system without storing copies. Where AI or cloud services are involved, these should be clearly mentioned in the privacy policy. Guests, on the other hand, can benefit from using online check-in (where available) to shorten waiting times and avoid unnecessary handling of IDs at reception.