Ransomware Breach: Omni Hotels Reports Theft of Customers’ Personal Information

Hotel chain giant Omni Hotels & Resorts has confirmed cybercriminals stole the personal information of its customers in an apparent ransomware attack last month. In an update on its website posted on Sunday, Omni said the stolen data includes customer names, email addresses, and postal addresses, as well as guest loyalty program information. The company said the stolen data does not include financial information or Social Security numbers. Ransomware gangs typically use such dark web sites to publish stolen information to extort a ransom from their victims. A sample of the stolen data shared with DataBreaches.net matched the types of customers’ personal information that Omni said was taken.

The renowned hotel chain Omni Hotels & Resorts has confirmed that personal data of its customers has been stolen by cybercriminals in an apparent ransomware attack that occurred last month.

In a recent update posted on its website, Omni disclosed that the stolen data includes customer names, email addresses, postal addresses, and guest loyalty program information. However, financial information and Social Security numbers were not compromised.

The incident came to light when Omni detected intruders in its computer systems on March 29, prompting the company to take immediate action and shut down its systems. As a result, guests across Omni’s properties experienced widespread outages, including issues with phones and Wi-Fi, with some reporting that their room keys stopped working. It wasn’t until a week later, on April 8, that the hotel chain was able to restore its systems.

According to its website, Omni operates numerous properties throughout the United States and Canada and employs over 14,000 members of staff.

The responsibility for the ransomware attack has been claimed by a group known as Daixin.

The Daixin gang, responsible for the recent breach, announced on its dark web site that it will soon release a large amount of customer records dating back to 2017. This is a common tactic used by ransomware gangs to extort money from their victims.

While no evidence was provided to support their claims, the gang did share segments of the stolen data with DataBreaches.net, an experienced data breach monitor. According to the publication, the Daixin gang claims to have obtained 3.5 million customer records from Omni. In fact, a sample of the stolen data shared with DataBreaches.net corresponds with the types of personal information that Omni confirmed was part of the breach.

A spokesperson for Omni has not yet released a statement regarding the incident.

This isn’t the first time Daixin has been in the spotlight for its malicious activities. In October, the U.S. cyber security agency CISA released a public advisory after the group targeted various businesses across the country, including healthcare organizations. In previous attacks, Daixin has also taken credit for targeting hospitals and medical facilities in the U.S.

If you have any information regarding the Omni Hotels breach, please contact this reporter through Signal and WhatsApp at +1 646-755-8849, or via email. You can also securely send files and documents through SecureDrop.