Hotel chain Omni Hotels & Resorts has admitted that cybercriminals stole customers' personal information in an apparent ransomware attack last month.
In an update posted to its website on Sunday, Omni said the stolen data included customer names, email addresses and addresses, as well as guest loyalty program information. The company said the stolen data did not include financial information or social security numbers.
Omni said it took down the system on March 29 after identifying the intruder to the system. Guests reported widespread outages throughout Omni's properties, including phone and Wi-Fi issues. Some customers reported that their room key no longer worked. The hotel chain restored its systems a week later, on April 8th.
Omni operates dozens of facilities in the U.S. and Canada and employs more than 14,000 staff, according to its website.
A ransomware group called Daixin was blamed for the breach.
The Daixin gang said in a post on its dark website that a large number of customer records dating back to 2017 will soon be leaked. Ransomware gangs typically use such dark websites to publish stolen information and extort ransom payments from victims.
The gang did not post evidence of their claims, but did share some of the allegedly stolen files with veteran data breach watchdog DataBreaches.net. According to the publication, the gang claims he stole 3.5 million Omni customer records. A sample of the stolen data shared with DataBreaches.net matched the type of customer personal information that Omni said it had collected.
An Omni spokesperson did not respond to a request for comment.
Daishin was the subject of a public advisory by U.S. cybersecurity agency CISA in October after ransomware groups began targeting businesses across the United States, including medical institutions. The Daixin gang has previously taken credit for several cyberattacks targeting hospitals and medical facilities in the United States.
Want to know more about the Omni Hotels breach? Contact this reporter on Signal and WhatsApp at +1 646-755-8849 or email. You can also send files and documents via SecureDrop.