The renowned hacker group known as Play has recently claimed responsibility for a data breach at Firmdale Hotels, targeting valuable files and documents. The announcement was made by the threat actor on their dark web channel. The cyber attack occurred on September 4, 2023, at 23:32 UTC +3 and once again highlights the vulnerability of the hospitality industry, which has been increasingly targeted by cybercriminals.
Firmdale Hotels, a prestigious collection of luxury hotels in London and New York, is well-known for its exceptional service and award-winning properties. However, this data breach has put sensitive information at risk. In their message on the dark web, the Play ransomware gang revealed that they had gained access to a significant amount of sensitive data belonging to Firmdale Hotels. This includes private and confidential information such as client and employee documents, contracts, IDs, passports, client scans, HR records, and financial information.
At the time of their message, 5GB of this data had already been partially published, with a threat of a complete data dump if there was no response from Firmdale Hotels. The Cyber Express has reached out to the organization for more information and an official statement regarding the alleged data breach, but no response has been received yet.
Unfortunately, the data breach at Firmdale Hotels is not an isolated incident. The hospitality industry has become a prime target for cyberattacks due to its increasing reliance on online business and internet transactions. Hotels, in particular, are attractive targets for hackers looking for financial gain, as they process numerous credit card payments daily. Cybercriminals exploit vulnerabilities in hotel websites, systems, servers, and even front desk operations to gain unauthorized access to guest information.
The consequences of such data breaches are severe and can include investigations, damage to reputation, loss of consumer trust, and significant financial penalties. In 2018, Marriott revealed that hackers had attempted to access its guest reservation database, potentially compromising the sensitive information of up to 500 million guests, including payment card details. Other travel companies, such as Orbitz and Booking.com, have also faced data security issues, compromising the personal information of hundreds of thousands of customers.
The Firmdale Hotels data breach is an evolving story, and further updates will be provided once more information or official confirmation is received from the company. It is crucial for organizations in the hospitality industry and beyond to prioritize cybersecurity measures and regularly update their systems to protect sensitive data from these persistent threats.
Disclaimer: The information in this report is based on internal and external research obtained through various sources. It is provided for reference purposes only, and individuals are responsible for their reliance on it. The Cyber Express does not assume any liability for the accuracy or consequences of using this information.
Related