Dive Brief:
- Ransomware group Daixin Team claimed responsibility for this month’s cyberattack on Omni Hotels & Resorts, cybersecurity news site BleepingComputer reported.
- The group claims to have stolen “sensitive data, including all records of all visitors from 2017,” but it has yet to leak the data or provide proof that it was the actor behind the attack, BleepingComputer reports.
- In an update on its website, Omni said “a subset” of customers’ information may have been impacted, though that info doesn’t include personal payment details, financial information or social security numbers.
Dive Insight:
Omni said the impacted data may include customer names, emails and mailing addresses, as well as loyalty program information. It has reported the stolen information to law enforcement.
Omni declined a Hotel Dive request to share whether the company has paid attackers a ransom, though Daixin Team’s attacks are financially motivated, according to the Cybersecurity & Infrastructure Security Agency.
According to CISA, Daixin Team is a “data extortion group” that has been active since at least June 2022. In a previous attack targeting the healthcare sector, the group obtained personal identifiable information and patient health information, then threatened to release it if a ransom was not paid, CISA said.
Omni shut down its systems nationwide beginning on Friday, March 29, when it learned of the attack, and restored systems across its portfolio as of April 8, according to its website.
Earlier this month, John Dwyer, director of security research for cybersecurity solutions provider Binary Defense, told Hotel Dive that the Omni breach was likely an extortion attack.
“A large portion of the threat landscape has shifted towards extortion-based attacks and being able to apply pressure is a key element in extortion,” he said.
Hotels are common targets for cyberattacks, given the large amount of personal information they have access to.
“Important people stay in hotels, and hotels store data on the important people who visit them,” Lee Clark, manager of cyber threat intelligence production at the Retail & Hospitality Information Security and Analysis Center, told Hotel Dive last week.
Omni is the latest major hotel group to experience a breach, following cyberattacks on MGM Resorts International and Caesars Entertainment in September.
