A luxury hotel chain in Thailand is reporting a data breach thanks to a notorious group of cybercriminals who have been behind a spate of attacks in recent weeks.
Thirayuth Chirathivat, CEO of Centara Hotels & Resorts, said in a statement that on October 14, they were “made aware” of a cyberattack on the hotel chain’s network.
An investigation confirmed that cyber attackers had in fact breached their system and accessed the data of some customers. The data accessed includes names, booking information, phone numbers, email addresses, home addresses and photos of IDs.
The company did not say if the IDs accessed included passports, which are often asked for by hotels like Centara Hotels & Resorts.
“Whilst the breach has been successfully contained, the investigation into the source, root cause and complete extent of the incident remains ongoing and we will provide more information when it becomes available,” Chirathivat said.
Chirathivat went on to urge the hotel’s customers to “change their passwords as soon as possible, and to remain aware of any suspicious or unsolicited calls and/or emails requesting personal information.”
“We can confirm that we at Centara Hotels & Resorts will not be contacting you to ask for any personal identifiable information,” Chirathivat added, noting that anyone with questions should email or call the hotel.
The Desorden Group — which claimed responsibility for two recent attacks on laptop maker Acer — said it was behind the attack on Centara Hotels & Resorts.
In addition to the hack on Centara Hotels & Resorts, Desorden claimed to have breached the servers of Central Group, which owns the hotel chain and more than 2,000 restaurants across Thailand. That breach involved 80 GBs of files including personal information of customers and business details of each restaurant.
In messages to ZDNet, the group claimed the hotel hack was part of the larger attack on Central Group. Central Group is owned by the Chirathivat family, who are worth $11.6 billion. The family, led by Tos Chirathivat, controls thousands of food, fashion, property and building materials businesses across Thailand.
The hacker group, which has attacked a number of companies across Asia in recent years, would not respond to questions about whether this was a ransomware attack but claimed they “basically brought down their entire backend, which consists of 5 servers.”
They said they stole 400 GB of files over the course of 10 days and added that the data includes information about anyone who stayed at any of the 70 luxury hotels owned by the Thai conglomerate between 2003 and 2021. They claimed the data includes people’s passport numbers and ID numbers. There was even data from people who booked in advance until December 2021.
The stolen files also allegedly include business data and employee information.
The group tried to claim that they were “assisting” the hotel by showing them how they might “mitigate future attacks” and said they were the ones who notified the company that they had been hacked.
Operators connected to Desorden said they were negotiating a ransom payment of $900,000 but the company backed out of the deal on Tuesday. The group is now threatening to leak the information.
Centara Hotels & Resorts and Central Restaurants Group did not respond to requests for comment about the claims made by the hackers.
The Desorden Group also claimed an attack on the Malaysian servers of ABX Express Enterprise in September.