Omni Hotels reports that customers’ personal data was compromised in a ransomware attack

The cyberattack on Omni Hotels & Resorts, confirmed by the hotel chain, underscores the pervasive threat of ransomware attacks targeting businesses. According to Omni’s update on its website, the stolen data includes customer names, email addresses, postal addresses, and guest loyalty program information. However, financial information and Social Security numbers were reportedly not compromised.

Following the identification of intruders in its systems, Omni shut down its systems on March 29, resulting in widespread outages across its properties, including phone and Wi-Fi issues. Although the hotel chain restored its systems on April 8, the impact on guests was significant, with reports of room keys ceasing to function.

The ransomware gang responsible for the attack, known as Daixin, claimed credit for the breach and threatened to leak customer records dating back to 2017. While the gang did not provide evidence on its dark web site, portions of the allegedly stolen files were shared with DataBreaches.net, matching the types of personal information reported by Omni.

Daixin has previously targeted businesses across the U.S., including healthcare organizations, prompting a public advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in October. The gang’s involvement in cyberattacks against U.S. hospitals and medical facilities underscores the severity of the threat posed by ransomware groups.