Omni Hotels Data Breach: Why Are Hackers Targeting Hotel Chains?

Why Trust Techopedia

With summer on the horizon, news of another major hotel chain falling victim to a cyber attack reveals a worrying trend of ransomware criminals targeting the hospitality industry.

Hackers have quickly developed an ever-increasing appetite for stealing valuable hotel guest data and credit card information, let alone causing day-to-day operational mayhem.

The latest organization to be hit with a data breach is Omni Hotels & Resorts, based in Texas.

Since the attack at the end of March, hackers claimed to have stolen the personal data of over 3.5 million of Omni’s guests and loyalty program members. Large sections of this data were later provided to cyber reporting blog specialist Data Breaches.

The knock-on effect didn’t end there. Upon discovering the breach, Omni was forced to immediately shut down its systems, causing widespread companywide disruption affecting customers and staff in many of Omni’s 50 properties across North America.

Key Takeaways

  • March’s cyber attack on Omni Hotels and Resorts saw the personal data of 3.5 million guests stolen.
  • Omni was forced to shut down its IT network to contain the attack impacting reservation, point of sales (POS), and room key entry systems across its fifty properties.
  • The ransomware incident follows 2023 attacks on MGM Resorts, Caesars Entertainment, and Motel One, which stole credit card information and cost the firms millions of dollars and caused reputational damage.
  • The rise in hotel organization’s data breaches underscores the urgent need for improved security.

What Happened in the Omni Hotels Ransomware Attack?

According to DataBreaches, the Omni attack began on March 27 and was orchestrated by a data extortion group called the Daixin Team. Initially, the cyber gang demanded a ransom of $3.5 million but later reduced it to $2 million after apparent negotiations with the hotel group.

While the cybercrime organization managed to steal a treasure trove of customers’ personal information, Omni Hotels and Resorts released a statement to reassure patrons that the “impacted data does not include sensitive information such as personal payment details, financial information, or social security numbers.”

Previous guests will still be concerned after a sample of the breach shared by the Daixin Team revealed the full names, email addresses, and zip codes of Omni guests who checked in and out since 2017, primarily because this information may be used by or sold to fraudsters to apply for credit cards and open fraudulent bank accounts in their name.

The loss of their client’s personal details is a huge blow to the Dallas-based hotel chain, which has operated since 1958.

After identifying the attack on March 29, Omni quickly shut down its IT systems to contain the malware assault. This immediately hit its live reservation and point-of-sale (POS) functions, as well as its key-card technology systems, temporarily denying guests access to their hotel rooms.

While Omni reported on April 8 that they had restored their systems, the 11-day outage resulted in an onslaught of irate customers venting and recounting their experiences on social media.

The Rise of Ransomware Attacks in The Hospitality Sector

It’s no secret that the hospitality industry has always been vulnerable to cyber attacks. Omni Hotels and Resorts are also not alone after a recent surge in high-profile hotel organizations targeted by cybercriminals.

Almost entirely financially motivated, ransomware attacks capitalized on the hospitality industry’s reliance on connected technologies and its access to lucrative customer financial data — from online reservation and in-house booking networks through to guest key card entry systems and electronic payment infrastructure.

Once a hostile aggressor gains access to a hotel organization’s IT systems, they can steal valuable customer data and cause havoc across the company’s technology network.

The consequences of these infringements can cost millions of dollars, not to mention the long-lasting damage they cause to a hotel brand’s reputation. Hence, hotel chains may consider paying multimillion-dollar ransoms to minimize the damage.

This stems from the tangible operational dollar value while a hotel chain’s systems are down, and C-level executives will also consider the negative impacts on the organization’s share price.

2023’s High-Profile Attacks Cost Millions

In 2023 alone, several big-name brands were hit by ransomware attacks. The largest was a massive cyber attack on MGM Resorts, which reportedly cost the chain more than $100 million in damages.

According to an open letter written by MGM Resorts CEO and President Bill Hornbuckle afterward, criminal actors were able to penetrate MGM’s IT systems during the attack.

The attack was launched by two hacker groups, Scattered Spider and ALPHV. Hornbuckle admitted that the groups were able to steal customers’ personal details, including their “name, contact information, gender, date of birth, and driver’s license number.”

In addition to stealing customer information, they were able to encrypt some of the MGM Resort’s own digital data, resulting in a hefty extortion demand in exchange for the decryption key.

Along with MGM, Caesars Entertainment was also targeted by Scattered Spider in 2023 and allegedly paid a $15 million ransom after a significant breach of its loyalty program database.

And it’s not just US companies attracting the attention of hackers.

European-based budget hotel chain Motel One was hacked in 2023 after cyber criminals stole several of Its customers’ credit card details. Later, the company posted an FAQ section on its website to help address Motel One guests’ concerns.

The Bottom Line

As ransomware evolves into even more complex and sophisticated forms, the increasing demand for hotel chains to keep pace becomes all the more evident after each high-profile cyber attack.

Whether achieved via phishing scams, malware, or deploying botnets to deliver a Distributed Denial of Service (DDOS) attack, falling prey to cyber criminals can hurt a hotel organization’s operational systems for days, if not weeks.

Cyber events that hotel chains, no matter how big they are, could cause sustained, long-lasting reputational damage.

The sheer scale of operations hotel chains such as Omni, MGM, and Caesars run provides countless opportunities to access their systems. A clicked link or the opening of a malicious file extension by a member of staff is often all a hacker needs to penetrate a firm’s technical infrastructure.

Successful cyber strategies include adopting more stringent user authentication, device integrity checks, and continuous verification on every system. However, hotels spending millions upgrading cyber security systems is only part of the solution.

In addition, hotel chains must also provide extra staff training, whether on identifying potential threats and alerting the organization’s IT and cyber security departments or on responding effectively once their systems have been breached.

Ultimately, the buck has to stop with the hotel chains themselves. Holidaymakers booking their accommodation this summer do so in good faith that an organization will keep their personal information secure from the moment they book — and forever after once they’ve checked out.

As hackers refine their tactics and bombard hotels, resorts, and casinos with endless ransomware attacks, the question is: which hotel organization is next?

Related Terms

Related Article