Omni Hotels & Resorts on April 14 confirmed that a limited amount of data was compromised in the March 29 Good Friday cyberattack on its systems.
In a statement on its website, Omni said the impacted data may include customer names, email and mailing addresses, as well as select guest loyalty program information.
Omni underscored that it’s important to note that the impacted data does not include sensitive information such as personal payment details, financial information or Social Security numbers.
SC Media reported on April 5 that hospitality groups are popular targets for ransomware gangs because the disruption and revenue loss the attacks cause puts significant pressure on the victims to pay large ransoms to recover their systems. To apply even more pressure, such attacks are often timed for busy holidays such as Easter weekend.
Omni did not specify the details of the cyberattack, but Security Week reported that the Daixin Team ransomware group recently added Omni to its leak site. The group claimed the theft of records pertaining to Omni customers dating back to 2017.
The Daixin group reportedly made a $3.5 million ransom demand, but cut it to $2 million during negotiations. It wasn't clear if Omni actually paid the ransom as of Tuesday afternoon, and Omni made no mention of a ransomware group or negotiations in its recent statement.
Given that the ransom amount was reportedly reduced and the systems were restored, it’s likely that Omni Group has good backups, said Narayana Pappu, chief executive officer at Zendata. Pappu said the hotel chain’s credit card data is most likely protected via encryption based on PCI requirements.
“This is a new target vertical for the Daixin Team ransomware group,” said Pappu. “In the past, they have mainly gone after healthcare providers. And they are known to publish the user data to the dark web when ransom is not paid. It’s likely that the attack was through vulnerabilities in VPN servers, their primary target attack vector in the past.”
Darren Guccione, co-founder and CEO of Keeper Security, said the cautious approach we see from Omni Hotels & Resorts in response to the incident is not uncommon as the organization navigates the complexities of managing reputational damage, legal obligations and customer trust, as well as securing its systems.
“News of a data breach or security incident spreads quickly, with the potential to impact customer loyalty and confidence in the organization – leading to loss of customers, negative publicity, and long-term damage to brand image,” said Guccione. “This unfolding situation shines a light on the challenge organizations face responding to and mitigating cyberattacks, both internally and publicly.”