Omni Hotels experiencing nationwide IT outage – Is it a cyberattack? (Update: Yes)

In Data Breach News, News
April 03, 2024
Omni Hotels experiencing nationwide IT outage – Is it a cyberattack? (Update: Yes)
Omni Hotels Los Angeles at California Plaza

Updated April 4: Omni Hotels subsequently acknowledged that they were hit by a cyberattack. They have published an FAQ on the incident that says most services have been restored. They have not yet determined whether any guest data on their servers was accessed or acquired in the attack.

Original article follows:

Omni Hotels & Resorts has been struggling to recover from what it describes as a chain-wide IT outage. The “outage,” first noted on Friday, has been impacting reservations, hotel room door locks, and point-of-sale systems.

The hotel chain has not been particularly forthcoming about whether this is a cyberattack or not, whether their systems have been encrypted, and whether there has been any ransom or extortion demand.

Hotel guests have been posting messages on X (formerly Twitter) since last week asking what’s going on and expressing frustration with their inability to book or change reservations:

@OmniHotels sitting in line at the Omni Hotel Seaport for over one hour waiting to check in. What are you doing to correct this issue?

One guest’s tweet on March 30 suggested that the problem had been going on for longer than had previously been recognized:

@omnitucsonnatl we’ve been trying to contact your hotel for over 5 days and no one will answer the phone, or we hear there are technical problems. I’m trying to adjust a reservation, how can we talk to someone on the property? Thru @AmericanExpress

The hotel chain’s most recent tweet of April 1 read:

Dear valued guests, our technology teams are continuing to work on restoring our systems that are currently down. Your business is very important to us; we appreciate your patience and apologize for the disruption. Please check back here for updates.

They have blocked users from replying to their tweet, however.

Bleeping Computer reports that some Omni Hotels employees have informed them that the IT team is now manually restoring affected servers from scratch, with staff being informed that systems will be available again on Thursday.

Restoring affected servers from scratch does suggest that there has been a cyberattack resulting in compromise of the servers. As of publication, however, no ransomware group or threat actor has claimed responsibility for any attack on the hotel and resorts chain.