Cyber Incident Victim: Atrium Hospitality
Date:
Dec 2017
Location:
United States of America
Summary
A ransomware incident potentially compromised sensitive guest information at a Holiday Inn Sacramento location, impacting 376 individuals. The malware, discovered on a workstation, had malicious capabilities and may have accessed names, driver's license numbers, passport details, and payment card data. The hospitality firm engaged third-party forensic investigators and notified 182 affected guests by mail, though address limitations prevented notifications for the remaining 194 individuals. State regulators were informed as required, though no actual misuse of the exposed information was confirmed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 8, 2017, Atrium Hospitality discovered a ransomware incident impacting a workstation at the Holiday Inn Sacramento hotel. The organization immediately isolated the affected workstation from its network and initiated an investigation with assistance from a third-party forensic firm. The investigation confirmed the malware possessed potentially malicious capabilities, though the specific ransomware variant or initial attack vector was not publicly disclosed. Atrium Hospitality did not detect evidence of active data exfiltration or system encryption during the initial discovery phase. The investigation continued for over two months to assess potential data exposure.
By February 14, 2018, forensic analysis determined that personal information belonging to 376 hotel guests was potentially accessible due to the incident. The compromised data included names, driver’s license numbers, passport numbers, and credit or debit card information. Atrium Hospitality initiated notification procedures via U.S. Mail to 182 affected guests for whom physical addresses were available, while 194 guests could not be notified due to missing contact information. The organization concurrently fulfilled regulatory reporting obligations to relevant state authorities. No evidence of actual or attempted misuse of the exposed data was identified during the investigation. Atrium Hospitality advised all potentially impacted individuals to monitor financial accounts and credit reports despite the absence of confirmed misuse.