
Cyber Incident Victim: Centara Hotels & Resorts

Date: Oct 2021

Location: Thailand

Summary

A luxury hotel chain in Thailand suffered a cyberattack in which attackers exfiltrated sensitive guest data, including names, booking information, contact details, addresses, passport details, and ID photos. The Desorden Group claimed responsibility, stating they stole 400GB of files containing historical guest records and demanded a $900,000 ransom, threatening to leak the information after negotiations failed. The company confirmed unauthorized system access and advised affected customers to change passwords and remain vigilant against potential misuse of their personal information.


Description

On October 14, 2021, Centara Hotels & Resorts, a luxury hotel chain in Thailand, was alerted to a cyberattack compromising its network systems. An investigation confirmed unauthorized access by threat actors who exfiltrated sensitive guest data, including full names, booking details, phone numbers, email addresses, home addresses, and photographs of identification documents such as passports. The breach impacted records spanning nearly two decades, from 2003 to 2021. The Desorden Group, a cybercriminal collective, publicly claimed responsibility for the intrusion, asserting they extracted approximately 400GB of files over a 10-day period. The group demanded a $900,000 ransom and threatened to release the stolen data publicly after negotiations with Centara reportedly collapsed.

Centara CEO Thirayuth Chirathivat issued a formal statement acknowledging the breach and urging affected customers to promptly change account passwords and monitor for suspicious activity. The company did not disclose technical details regarding the attack vector, containment measures, or system restoration processes. Central Group, Centara’s parent company, declined to comment on the Desorden Group’s ransom allegations or the validity of their data leak threats. The incident exposed long-term vulnerabilities in Centara’s data retention practices, given the breadth of historical records accessed. No evidence of financial data compromise was cited, though the theft of personally identifiable information and travel documents elevated risks of identity theft and phishing campaigns targeting guests.
