Hotel chain giant Omni Hotels & Resorts has confirmed that cybercriminals stole its customers’ personal information in an apparent ransomware attack last month.
In one update on its website Posted on Sunday, Omni said the stolen data included customer names, email and postal addresses, as well as guest loyalty program information. The company said the stolen data did not include financial information or social security numbers.
Omni said it shut down its systems on March 29 after detecting intruders in its systems. Guests reported widespread outages at Omni properties, including phone and Wi-Fi issues. Some customers said their room keys stopped working. The hotel chain restored its systems a week later on April 8.
Omni operates dozens of properties in the United States and Canada and employs more than 14,000 employees, according to its website.
A ransomware gang called Daixin has taken credit for the breach.
The Daixin gang said in a post on its dark web that it will soon leak bundles of customer files dating back to 2017. Ransomware gangs typically use such dark web sites to post stolen information to extort ransom from their victims.
The gang has not released evidence for its claims, but has shared parts of the allegedly stolen files veteran data breach watcher DataBreaches.net. According to the publication, the gang claimed to have stolen 3.5 million Omni customer records. A sample of the stolen data shared with DataBreaches.net matched the types of personal customer information Omni said was taken.
An Omni representative did not immediately respond to a request for comment.
Daixin was her subject a public advisory from US cybersecurity agency CISA in October after the ransomware crew began targeting businesses across the US, including healthcare organizations. The Daixin gang has previously been credited with several cyberattacks targeting US hospitals and medical facilities.
Know more about the Omni Hotels breach? To contact this reporter, contact on Signal and WhatsApp at +1 646-755-8849 or via email. You can also send files and documents via SecureDrop.
