Cyber Incident Victim: Omni Hotels & Resorts
Date:
Mar 2024
Location:
United States of America
Summary
A cyberattack disrupted Omni Hotels & Resorts' operations, prompting an immediate system shutdown to contain the incident. Critical systems, including reservations, point-of-sale terminals, and electronic door locks, were taken offline, leading to manual check-ins, escorted room access, and temporary payment processing limitations. While most systems were restored promptly, residual outages affected phone services and internal communications. The hospitality chain maintained guest reservations via its website and direct contacts despite operational challenges. An investigation with external cybersecurity experts is ongoing to determine potential data compromise. Staff reported significant operational stress, and the incident drew parallels to prior ransomware attacks in the hospitality sector, though no explicit confirmation of ransomware or data theft was provided.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 29, 2024, Omni Hotels & Resorts experienced a cyberattack that disrupted its operations across more than 50 properties in the US and Canada. The attack prompted an immediate shutdown of multiple IT systems to contain the threat, resulting in widespread technical failures. Reservation systems, point-of-sale terminals, electronic room key systems, phone networks, and Wi-Fi services were rendered inoperable. Guests reported manual check-in processes requiring paper forms, escorted access to rooms by staff due to malfunctioning door locks, and delays of 30 minutes or more for room entry requests. Employees described operational chaos, with one Reddit user claiming hotels could only honor pre-existing reservations and expressing concerns about lost revenue and customer loyalty. The outage persisted for several days, affecting operations during the Easter holiday weekend, though physical hotel facilities remained open, and staff continued providing services using workarounds.
Omni Hotels launched an investigation with an external cybersecurity response team and began restoring systems within days, with most critical functions operational by the time of their March 29 public update. The company confirmed guest reservations could be made via its website, direct hotel calls, or travel planners, while Select Guest loyalty program credits remained secure. No data breach or ransomware involvement was explicitly confirmed, though the investigation into potential data compromise continued. Financial repercussions were acknowledged indirectly through employee statements citing expected multimillion-dollar losses. System recovery efforts prioritized reservation capabilities and guest-facing services, though phone systems remained nonfunctional as of April 3, with callers receiving prerecorded outage messages. The incident required sustained manual operational adjustments by hotel staff to maintain basic guest services during the restoration process.