Luna Hotels & Resorts, a prominent Portuguese hotel chain, is reportedly the latest victim of a cyber attack. The notorious Medusa ransomware group has claimed responsibility for infiltrating the hotel’s systems and threatens to release stolen data within the next week.
According to a post on the group’s leak site, Luna Hotels & Resorts has been successfully breached by the Medusa ransomware group. The group has warned that if their demands are not met, they will make the stolen data public in the next 7-8 days. This incident highlights the growing list of hospitality organizations experiencing data breaches.
Screenshots of the hacker collective’s post were shared by threat intelligence service FalconFeed on Twitter. The screenshots indicate that Luna Hotels & Resorts has been added to the group’s victim list, further confirming the cyber attack.
In addition to the breach announcement, the Medusa ransomware group presented several options for Luna Hotels & Resorts. The hotel chain could pay a fee of $10,000 to extend the deadline before the data is released. Alternatively, they could pay $100,000 to have all the stolen data permanently deleted or download the data themselves for the same price.
Attempts have been made to reach out to Luna Hotels & Resorts for confirmation of the incident. Unfortunately, the email contact details for the hotel seem to be experiencing technical difficulties at the time of writing.
This incident is not an isolated case within the hospitality industry. In the past, other prominent hotel chains such as InterContinental Hotels Group (IHG) have also fallen victim to cyber attacks. IHG, which owns brands like Holiday Inn and Crowne Plaza, experienced a cyber attack that disrupted its booking systems and mobile applications. The incident was confirmed by IHG in a filing with the London Stock Exchange.
The hospitality industry is a prime target for cyber attacks due to the large number of guests and frequent transactions. Reliable Networks warns that cyber attacks in the hospitality sector are a real threat worldwide. Alongside consumer goods, industrial, banking, and insurance, the hospitality sector is one of the most vulnerable industries, with 9% of all attacks targeting it.
Hackers find the industry attractive due to its high usage of online payment options and network-connected devices. These provide multiple entry points to valuable data. As a result, the cost of data breaches in the hospitality industry has increased rapidly, rising from $1.72 million in 2020 to $3.03 million in just one year, representing a 76.2% increase.
The preferred entry point for cybercriminals in the sector is the internal network, accounting for 64% of all attacks. E-commerce activities and point-of-sale devices make up the rest. Despite the growing threat, the hospitality industry places less emphasis on cybersecurity compared to other sectors. Only 66% of hospitality businesses consider it a high priority, compared to 82% overall.
As Luna Hotels & Resorts grapples with the aftermath of this cyber attack, it serves as a reminder to the entire hospitality industry of the importance of prioritizing cybersecurity. Implementing robust security measures and staying vigilant against potential threats is essential to protect sensitive customer data and safeguard the reputation of hotels and resorts worldwide.
Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.