Ransomware gang claims it hacked into Hyatt systems, says it has stolen data for sale

News
By published

NightSpire claims to have stolen almost 50GB of Hyatt files

  • NightSpire claims Hyatt Place Chelsea ransomware attack, stealing 48.5 GB of data
  • Stolen files may include employee credentials, enabling phishing and internal system access
  • Hyatt has not confirmed breach; hospitality industry remains frequent ransomware target

The Hyatt Place Chelsea New York hotel, part of the Hyatt Hotels Corporation, appears to have suffered a ransomware attack and lost sensitive data on a (yet) unknown number of people.

A threat actor going by NightSpire recently added the hotel to its dark web data leak website, claiming to have stolen 48.5 GB of sensitive data. It also shared a sample of the stolen files, and told all parties interested in acquiring the full archive to reach out.

Security researchers from Cybernews analyzed a sample of the stolen files and said it appears to contain invoices, expense reports with full employee names, contact information, signatures, as well as partner company data.

Waiting for Hyatt's response

All of this is more than enough data to run highly convincing phishing attacks against Hyatt’s employees (and other persons of high value), stealing even more sensitive data, such as login credentials.

However, that might not even be necessary, since Cybernews also says the files “suggest the documents may include employee credentials to their internal CMS.”

In that case, whoever obtained the data could potentially have access to the entire hotel chain’s employees, clients, and business partners.

“Exposed contact details and email signatures may not look dangerous on their own, but they give attackers exactly what they need to run convincing social engineering and fraud campaigns,” the researchers warned.

“If employee credentials prove to be compromised, the risk goes beyond scams. Stolen logins can be exploited to access internal tools, read sensitive communications, or move laterally across Hyatt’s network.”

So far, these claims have not yet been confirmed. Hyatt is yet to give an official statement, or share anything on its newsroom website, or socials. We've reached out and will update the article if we hear back.

The hospitality and accommodation industry is one of the most targeted sectors, so Hyatt allegedly being breached is (unfortunately) no surprise.

Hyatt Hotels Corporation is a global hospitality company operating about 1,350+ hotels and all-inclusive properties worldwide. It employs roughly 52,000 people, earns approximately $6.6 billion in annual revenue, and serves millions of guests every year through stays and its 60+ million-member loyalty program.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.