Share this Article

Here’s What You Should Know About the Omni Hotel Data Breach


Following a recent cyber assault on Omni Hotels & Resorts, leading to a temporary halt of its systems to safeguard and control its data, cybersecurity experts are advising individuals on measures they can adopt to safeguard their online security. Additionally, they are discussing the vulnerabilities confronting the hospitality sector on a broader scale.

The company stated in a communication following the cyberattack on Friday, March 29, that they are presently engaged in assessing the extent of the event, including any implications for data or information stored on Omni systems. They further mentioned that their investigation into the incident is ongoing, and they are collaborating with external experts in this endeavor.

Upon discovering the issue, Omni promptly deactivated specific systems, noting that most of which have since been reinstated, and initiated an investigation with a prominent cybersecurity response team, which is ongoing.

The Dallas-headquartered upscale hospitality chain, boasting over 50 properties across the U.S. and Canada, initially confirmed the outage via social media. Omni assured customers that it would provide updates on its cyber attack update page “as new communications become available” and advised guests to reach out to travel planners or the hotel directly for inquiries regarding their stays or guest experiences.

The company’s statement further expressed its commitment to restoring the remaining systems to full functionality while extending a warm welcome to guests and continuing to accept new reservations. Omni apologized for the inconvenience caused by the cyberattack, emphasizing that guest care and comfort remain their top priorities. They expressed gratitude for the dedicated efforts of their teams in upholding the Omni experience expected by guests.

How Omni Guests Can Stay Safe From Cyberattacks

Clint Calvin, COO of LG Networks, Inc and a cybersecurity expert with many years of experience in both private and government sectors, including working with clients in the hospitality and travel industry, shares his advice regarding steps individuals should take to safeguard themselves following a breach.

Calvin emphasized that every company is susceptible to cybercriminal targeting, highlighting data breaches, ransomware attacks, extortion, and stolen credit card information as common occurrences. He stressed the importance of understanding how to respond effectively, outlining necessary actions and awareness.

“For consumers affected by a hotel breach, the immediate concern may revolve around financial implications,” Calvin noted. “It’s crucial to ascertain which credit card information was compromised during the incident. Vigilantly monitoring the affected credit card for any signs of fraudulent activity or identity theft is essential. Additionally, considering replacing the compromised credit card could be advisable.”

Calvin further advised individuals to consider the personal information they have shared or transmitted to the hotel, including details such as name, address, phone number, and email address. He cautioned against potential risks such as phishing scams and various forms of social engineering attacks.

For travelers within the country, Calvin recommended verifying whether they provided their driver’s license information, while for international travelers, he suggested reviewing any passport information provided.

Calvin underscored that such information could potentially be exploited for further identity theft or to make individuals vulnerable to scams.

Why Hotels Are More Susceptible to Cyberattacks

Calvin also explains what makes the hospitality industry so susceptible to cyberattacks like the one on Omni Hotels & Resorts.

When cyber criminals target specific industries and companies, “they are seeking the largest payout in the most expedient time possible,” Calvin said, adding that with service-oriented businesses, “that does cause a time clock to speed up on their end in terms of every hour, day, week, that that industry is down.”

“Especially for the hospitality industry or transportation — if those are unable to be up and running and operational, then they are literally losing money each and every minute, hour, day and week,” he said. “That can bring about swifter decisions [by a company] to get back up and get clients back onto the platform, back into their hotel rooms, back into their kind of service experience.”

He highlighted the trust guests place in these establishments to safeguard their information, noting that breaches erode this trust to some extent. However, Calvin emphasized that cybercrime, including attacks such as ransomware and data breaches, is an unavoidable reality for most major companies.

He stressed the importance for consumers to assess how companies handle breaches, focusing on whether they communicate clearly, ethically, and consistently. Calvin suggested that consumers should evaluate whether companies provide comprehensive explanations of the situation to the best of their knowledge at that particular moment.

Some Measures to Mitigate Cyberattacks

  • The primary step, he emphasized, is to establish and maintain an up-to-date cybersecurity program within the company, ensuring awareness of prevailing threats and risks, with regular updates at least annually.
  • Secondly, Calvin highlighted the importance of governance and oversight, particularly in terms of enterprise risk management, which should be overseen by both the board and executive leadership. He stressed the necessity for clear understanding of risks to effectively mitigate them.
  • Thirdly, Calvin emphasized the significance of robust incident response measures, recognizing that security incidents are inevitable. He underscored the importance of knowing how to identify, manage, and respond to such events effectively.