Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?


Data Breaches

Omni Hotels Says Personal Information Stolen in Ransomware Attack

Omni Hotels says customer information was compromised in a cyberattack claimed by the Daixin Team ransomware group.

Hospitality chain Omni Hotels & Resorts has confirmed that customer information was stolen in a cyberattack claimed by the Daixin Team ransomware group.

The incident, which occurred on March 29, prompted Omni to shut down systems, which led to disruptions across the company’s hotels and resorts. By April 8, Omni had restored systems across all properties.

While Omni did not provide details on the type of cyberattack it fell victim to, the Daixin Team ransomware group has added the hotel chain to its leak site, claiming the theft of all records pertaining to Omni’s visitors from 2017 onwards.

On Monday, Omni updated its incident notice to reveal that the information of a subset of customers may have been compromised.

“It is important to note that the impacted data does not include sensitive information such as personal payment details, financial information, or social security numbers. It may include customer name, email, and mailing address, as well as Select Guest Loyalty program information,” Omni said.

The company did not share information on the number of impacted customers, but Daixin Team told DataBreaches that it stole the information of roughly 3.5 million Omni guests, and shared some of the exfiltrated files as proof.

The ransomware gang apparently made a $3.5 million ransom demand but dropped the ask to $2 million during negotiations with Omni. However, it is unclear whether the hotel chain agreed to the attackers’ demands.

Omni Hotels & Resorts operates 50 hotels and resorts across North America, offering more than 23,000 rooms and employing roughly 14,000 people. 

Related: 530k Impacted by Data Breach at Wisconsin Healthcare Organization

Advertisement. Scroll to continue reading.

Related: CVS Group Restoring Systems Impacted by Cyberattack

Related: Second Ransomware Group Extorting Change Healthcare

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights