Omni Hotels suffer prolonged IT outage due to cyberattack
Texas-based Omni Hotels & Resorts has been responding to a cyberattack that started last Friday, which resulted in the unavailability of many of its IT systems.
According to people staying at some of the 50 properties the company operates across Northern America, who took to Reddit to vent and discuss the problem, the outage affected reservation and check-in systems, room key cards, and payment systems.
What is known about the Omni Hotels cyberattack?
The disruption is partly due to the attack and partly due to Omni shutting down its systems to protect and contain its data.
“As a result, certain systems were brought offline, most of which have been restored,” the company said today.
“As our team works diligently to restore the remainder of the systems to full functionality, we continue to welcome our guests and accept new reservations. We apologize for the disruption and inconvenience this cyberattack is causing.”
The company has called in “a leading cybersecurity response team” to help with the ongoing investigation, and is working to “determine the scope of the event, including impact to any data or information maintained on Omni systems.”
The cyber attack disrupted hotel operations
“It’s unlikely many hotel guests would have ever considered how connected and digitally-dependent their holiday destination was, but this is now a situation they are unlikely to forget,” William Wright, CEO of Closed Door Security, commented for Help Net Security.
“Being forced back into manual operations, this means guests are required to text hotel staff to access their rooms, while payments by cards are reportedly not possible. This is hardly the relaxing and care-free experience people dream of on holiday,” he added.
“It’s unclear what cyberattack the hotel is facing, but there is a high possibility it’s ransomware. If this is the case, the hotel will be working hard to restore its systems and establish if guest data has been compromised – another unwelcome gift for holidaymakers.”
But, he noted, the real takeaway from the incident is: Don’t gamble with cyber defenses.
“Systems must be tested regularly to identify bugs and weaknesses that could be exploited by criminals. While employees must be regularly trained to understand cyber risks. This must be bolstered with technical defences that detect malicious activity and make it harder for criminals to break into systems.”
This is not the first time that Omni Hotels had been targeted by cybercriminals. In 2016, point of sale (PoS) systems at some of Omni’s properties had been compromised with malware.
UPDATE (April 15, 2024, 05:30 a.m. ET):
“Omni Hotels & Resorts continues to investigate a recent cyberattack on its systems with the assistance of a leading cybersecurity response group. As part of this investigation, we have determined that limited information pertaining to a subset of our customers may have been impacted,” the company said on Sunday.
“It is important to note that the impacted data does not include sensitive information such as personal payment details, financial information, or social security numbers. It may include customer name, email, and mailing address, as well as Select Guest Loyalty program information. We have reported this matter to law enforcement.”
According to DataBreaches.net, the attack has been claimed by Daixin Team, a ransomware group that also practices double extortion (i.e., threatens to leak the stolen data online if the ransom isn’t paid). The threat actor claims to have data of 3.5 million guests that stayed at Omni properties from 2017 to the present.