Hotel chain giant Omni Hotels & Resorts has confirmed that cybercriminals stole its guests’ personal information in an apparent ransomware attack last month.
In an update on its website posted Sunday, Omni said the stolen data includes customer names, email and postal addresses, as well as customer loyalty program information. The company said the stolen data does not include financial information or Social Security numbers.
Omni said it shut down its systems on March 29 after identifying intruders in its systems. Guests reported widespread outages at Omni properties, including phone and Wi-Fi issues. Some guests reported their room keys no longer worked. The hotel chain restored its systems a week later, on April 8.
Omni owns dozens of hotels in the United States and Canada and employs more than 14,000 people, according to its website.
A ransomware gang called Daixin took credit for the breach.
The Daixin gang said in a post on its dark website, which gangs typically use to post stolen information to extort ransom from their victims, that it would soon release tons of client records dating back to 2017.
The gang has not released evidence for its claims, but has shared portions of the allegedly stolen files with DataBreaches.net, a veteran data breach watcher. According to the publication, the gang claimed to have stolen 3.5 million Omni customer records. A sample of the stolen data shared with DataBreaches.net matched the types of customers’ personal information that Omni said had been taken.
An Omni spokesperson did not respond to a request for comment.
Daixin was the subject of a public advisory from US cybersecurity agency CISA in October after the ransomware team began targeting businesses across the US, including healthcare facilities. The Daixin gang previously took credit for several cyberattacks targeting US hospitals and medical facilities.
Do you know more about the Sisense breach? To contact this journalist, contact Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.
techcrunch
/cdn.vox-cdn.com/uploads/chorus_asset/file/25467796/Screenshot_2024_05_28_at_1.38.02_PM.png?w=390&resize=390,220&ssl=1)