- NightSpire claims Hyatt Place Chelsea ransomware attack stole 48.5GB of data
- Stolen files may include employee credentials, allowing phishing and internal system access.
- Hyatt has not confirmed the breach; The hospitality industry remains a frequent ransomware target
The Hyatt Place Chelsea New York hotel, part of Hyatt Hotels Corporation, appears to have suffered a ransomware attack and lost sensitive data from an (as yet) unknown number of people.
A threat actor called NightSpire recently added the hotel to its dark web data breach website, claiming to have stolen 48.5GB of sensitive data. He also shared a sample of the stolen files and asked all parties interested in acquiring the full file to contact them.
security researchers cyber news analyzed a sample of the stolen files and said it appears to contain invoices, expense reports with employees’ full names, contact information, signatures, as well as data from associated companies.
Waiting for Hyatt’s response
All of this is more than enough data to execute highly convincing phishing attacks against Hyatt employees (and other high-value individuals), stealing even more sensitive data, such as login credentials.
However, this may not even be necessary, since cyber news It also says the files “suggest that the documents may include employee credentials in its internal CMS.”
In that case, whoever obtained the data could have access to all employees, clients and business partners of the entire hotel chain.
“Exposed contact data and email signatures may not seem dangerous on their own, but they give attackers exactly what they need to execute convincing fraud and social engineering campaigns,” the researchers warned.
“If employee credentials turn out to be compromised, the risk goes beyond scams. Stolen logins can be exploited to access internal tools, read sensitive communications, or move laterally across the Hyatt network.”
So far, these claims have not yet been confirmed. Hyatt has yet to give an official statement or share anything on its newsroom website or social media. We will reach out and will update the article if we receive a response.
The hotel and lodging industry is one of the most targeted sectors, so Hyatt’s alleged breach is (unfortunately) not a surprise.
Hyatt Hotels Corporation is a global hospitality company that operates more than 1,350 hotels and all-inclusive properties around the world. It employs approximately 52,000 people, earns approximately $6.6 billion in annual revenue and serves millions of guests each year through stays and its more than 60 million member loyalty program.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
