Hospitality chain Omni Hotels & Resorts has confirmed that customer information was stolen in a cyberattack claimed by the Daixin Team ransomware group.
The incident, which occurred on March 29, prompted Omni to shut down systems, which led to disruptions across the company’s hotels and resorts. By April 8, Omni had restored systems across all properties.
While Omni did not provide details on the type of cyberattack it fell victim to, the Daixin Team ransomware group has added the hotel chain to its leak site, claiming the theft of all records pertaining to Omni’s visitors from 2017 onwards.
On Monday, Omni updated its incident notice to reveal that the information of a subset of customers may have been compromised.
“It is important to note that the impacted data does not include sensitive information such as personal payment details, financial information, or social security numbers. It may include customer name, email, and mailing address, as well as Select Guest Loyalty program information,” Omni said.
The company did not share information on the number of impacted customers, but Daixin Team told DataBreaches that it stole the information of roughly 3.5 million Omni guests, and shared some of the exfiltrated files as proof.
The ransomware gang apparently made a $3.5 million ransom demand but dropped the ask to $2 million during negotiations with Omni. However, it is unclear whether the hotel chain agreed to the attackers’ demands.
Omni Hotels & Resorts operates 50 hotels and resorts across North America, offering more than 23,000 rooms and employing roughly 14,000 people.
Related: 530k Impacted by Data Breach at Wisconsin Healthcare Organization
Related: CVS Group Restoring Systems Impacted by Cyberattack
Related: Second Ransomware Group Extorting Change Healthcare