Luna Hotels & Resorts, a Portuguese prominent hotel chain, has allegedly fallen victim to a cyber attack. The Medusa ransomware group, notorious for its malicious activities, has claimed responsibility for the attack.
In a post published on its leak site, the group stated that they had successfully infiltrated the systems of Luna Hotels & Resorts with a threat to publish the stolen data within the next 7-8 days.
The attack, if confirmed, also highlights the growing list of hospitality organizations suffering from data breaches.
Luna Hotels & Resorts Data breach
In a tweet, Threat intelligence service FalconFeed posted screenshots of the hacker collective’s post, stating that they had added the hotel to their victim list.
Accompanying the Luna Hotels & Resorts data breach announcement was a countdown timer, indicating that the stolen data would be made public in a weeks time.
The image also presented several options for the hotel chain to consider.
For a fee of $10,000, the attackers offered to extend the deadline by another day before the data would be released.
Alternatively, Luna Hotels & Resorts could pay a hefty sum of $100,000 to have all the stolen data permanently deleted, or they could opt to download the data themselves for the same price.
The Cyber Express has reached out to Luna Hotels & Resorts to confirm the incident. However, at the time of writing, the email contact details for Luna Hotels & Resorts seemed to be encountering technical difficulties.
Regrettably, this incident is not an isolated case within the hospitality industry.
Last year, the InterContinental Hotels Group (IHG), which owns and operates renowned brands such as Holiday Inn and Crowne Plaza, was targeted by a cyber attack that disrupted its booking systems and mobile applications. IHG confirmed the incident in a filing with the London Stock Exchange, acknowledging the disruption caused by the attack.
In another high-profile incident, the BBC reported that Holiday Inn, a subsidiary of the InterContinental Hotels Group, fell victim to a cyber attack in 2022.
IHG, known for its vast network of hotels worldwide, stated that it was investigating unauthorized access to several of its technology systems.
Hotel data breaches: Facts and figures
The sheer amount of guests that check in and check-outs of hotels makes the industry a prime target for hackers. “Cyber attacks in the hospitality sector aren’t an urban legend; they’re not one of those things that just happen to other people. They’re a real threat. And they’re happening all over the world”, says Reliable Networks.
With 9% of all attacks targeting the hospitality sector, it is one of the most vulnerable industries, alongside consumer goods, industrial, banking, and insurance.
The industry’s attractiveness to hackers lies in its high usage of online payment options and network-connected devices, providing multiple entry points to valuable data.
The cost of a data breach escalates rapidly in the hospitality industry, rising from $1.72 million in 2020 to $3.03 million in just one year, representing a staggering 76.2% increase.
The preferred entry point for cybercriminals in the sector is the internal network, comprising 64% of all attacks, with ecommerce activities and point-of-sale devices making up the rest.
With the growing threat, the majority of hospitality businesses need to prepare to handle cybersecurity challenges. Many require more expertise, skills, and confidence to respond effectively.
Surprisingly, the industry places less emphasis on cybersecurity than other sectors, with only 66% of hospitality businesses considering it a high priority, compared to 82% overall.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.