Less than two weeks after Omni Hotels & Resorts admitted that they had been the victim of a cyberattack, a known ransomware gang has publicly claimed that they were responsible for the attack. A post on Daixin Team’s dark web leak site claimed they had “Sensitive data. (Including all records of all visitors from 2017 to the present).”
No proof was posted on their leak site at the time, but breach blog DataBreaches.net was able to get more details and data from Daixin, including proof of a claim they made to Omni about having information on 3.5 million guests.
After the threat actors threatened to leak data soon, the hotel chain issued an update that said:
“It is important to note that the impacted data does not include sensitive information such as personal payment details, financial information, or social security numbers. It may include customer name, email, and mailing address, as well as Select Guest Loyalty program information. We have reported this matter to law enforcement.”
Their statement is consistent with the description of the data provided by the threat actors to DataBreaches.net.
Other information provided to DataBreaches.net indicated that the hotel chain did try to negotiate a payment with Daixin Team, but then stopped responding after April 11. The ransomware gang had dropped their demands from $2.9 million to $2 million if the hotel chain did not need a decryptor key, but the negotiator for the hotel chain did not respond.