[BreachExchange] Luxury hotel chain in Thailand reports data breach

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Fri Oct 29 09:32:30 EDT 2021


https://www.zdnet.com/article/luxury-hotel-chain-in-thailand-reports-data-breach/


A luxury hotel chain in Thailand is reporting a data breach thanks to a
notorious group of cybercriminals who have been behind a spate of attacks
in recent weeks.

Thirayuth Chirathivat, CEO of Centara Hotels & Resorts, said in a statement
that on October 14, they were "made aware" of a cyberattack on the hotel
chain's network.

An investigation confirmed that cyberattackers had in fact breached their
system and accessed the data of some customers. The data accessed includes
names, booking information, phone numbers, email addresses, home addresses
and photos of IDs.

The company did not say if the IDs accessed included passports, which are
often asked for by hotels like Centara Hotels & Resorts.

"Whilst the breach has been successfully contained, the investigation into
the source, root cause and complete extent of the incident remains ongoing,
and we will provide more information when it becomes available,"
Chirathivat said.

Chirathivat went on to urge the hotel's customers to "change their
passwords as soon as possible, and to remain aware of any suspicious or
unsolicited calls and/or emails requesting personal information."

"We can confirm that we at Centara Hotels & Resorts will not be contacting
you to ask for any personal identifiable information," Chirathivat added,
noting that anyone with questions should email or call the hotel.

The Desorden Group -- which claimed responsibility for two recent attacks
on laptop maker Acer -- said it was behind the attack on Centara Hotels &
Resorts.

In addition to the hack on Centara Hotels & Resorts, Desorden claimed to
have breached the servers of Central Group, which owns the hotel chain and
more than 2,000 restaurants across Thailand. That breach involved 80GBs of
files, including personal information of customers and business details of
each restaurant.

In messages to ZDNet, the group claimed the hotel hack was part of the
larger attack on Central Group. Central Group is owned by the Chirathivat
family, who are worth $11.6 billion. The family, led by Tos Chirathivat,
controls thousands of food, fashion, property and building materials
businesses across Thailand.

The hacker group, which has attacked a number of companies across Asia in
recent years, would not respond to questions about whether this was a
ransomware attack but claimed they "basically brought down their entire
backend, which consists of 5 servers."

They said they stole 400GB of files over the course of 10 days and added
that the data includes information about anyone who stayed at any of the 70
luxury hotels owned by the Thai conglomerate between 2003 and 2021. They
claimed the data includes people's passport numbers and ID numbers. There
was even data from people who booked in advance until December 2021.

The stolen files also allegedly include business data and employee
information.

The group tried to claim that they were "assisting" the hotel by showing
them how they might "mitigate future attacks" and said they were the ones
who notified the company that they had been hacked.

Operators connected to Desorden said they were negotiating a ransom payment
of $900,000, but the company backed out of the deal on Tuesday. The group
is now threatening to leak the information.

Centara Hotels & Resorts and Central Restaurants Group did not respond to
requests for comment about the claims made by the hackers.

The Desorden Group also claimed an attack on the Malaysian servers of ABX
Express Enterprise in September.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211029/142d0b8e/attachment.html>


More information about the BreachExchange mailing list