Hotel chain giant Omni Hotels & Resorts has confirmed cybercriminals stole the personal information of its customers in an apparent ransomware attack last month.
In an update on its website posted Sunday, Omni said that the stolen data includes customer names, email addresses, and postal addresses, as well as guest loyalty program information. The company said the stolen data does not include financial information or Social Security numbers.
Omni said it shut down its systems on March 29 after identifying intruders in its systems. Guests reported widespread outages across Omni’s properties, including phone and Wi-Fi issues. Some customers said that their room keys stopped working. The hotel chain restored its systems a week later on April 8.
Omni has dozens of hotels across the United States and Canada, and employs more than 14,000 staff, per its website.
A ransomware gang called Daixin has taken credit for the breach.
The Daixin gang said in a post on its dark web site, which gangs typically use to publish stolen to extort a ransom for their victims, that it would soon leak reams of customer records dating back to 2017.
The gang did not post evidence of their claims, but shared portions of the allegedly stolen files with veteran data breach watcher DataBreaches.net. Per the publication, the gang claimed to steal 3.5 million Omni customer records. A sample of the stolen data shared with DataBreaches.net matched the types of customers’ personal information that Omni said was taken.
A spokesperson for Omni did not respond to a request for comment.
Daixin was the subject of a public advisory by U.S. cybersecurity agency CISA in October after the ransomware crew began targeting businesses across the U.S., including healthcare organizations. The Daixin gang previously took credit for several cyberattacks targeting U.S. hospitals and medical facilities.
Do you know more about the Sisense breach? To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.
