Omni Hotels and Resorts has confirmed that a cyberattack was responsible for the US-based luxury hospitality chain’s IT systems’ shutdown since Friday.
Through a message on its website, Omni told customers it has initiated an investigation into the attack and is taking necessary steps to protect user data.
“Since Friday, March 29, Omni Hotels & Resorts has been responding to a cyberattack on its systems,” the company said in the notice. “Upon learning of this issue, Omni immediately took steps to shut down its systems to protect and contain its data. As a result, certain systems were brought offline, most of which have been restored. Omni quickly launched an investigation with a leading cybersecurity response team, which is ongoing.”
The message includes a support FAQ section to help customers with their queries.
Outage impacted customer experience
Omni’s chain-wide IT systems outage that lasted four days impacted reservations, hotel room door locks, and point-of-sale (POS) systems, according to social media posts made by its customers.
“It’s pretty bad. They have it so you have to text them to come let you into your room, and it usually takes 30+ minutes for an employee to get there and unlock it for you,” a customer said on Monday in a Reddit post.
As the Omni online systems were out, the company resorted to an offline mode of running critical business operations, including manual check-ins. “Checking in on paper, no card machines work, even room keys do not work,” said another hotel guest who was staying at the Louisville Omni. “Everyone has to be escorted to their room by an employee and the phones and Wi-Fi are down.”
Omni took to social media channels on Monday to apologize for the outage and requested customers for patience. “Dear valued guests, our technology teams are continuing to work on restoring our systems that are currently down,” Omni said on X and Facebook. “Your business is very important to us; we appreciate your patience and apologize for the disruption.”
Omni had reportedly blocked comments on these social media posts, allowing users to only like and share.
Omni’s phone helplines were also affected by the outage, with functions limited under a recorded message that said, “Thank you for calling Omni Hotels and Resorts. We are sorry we are currently experiencing technical difficulties and are unable to answer your call. Please try your call again at a later time.”
No information on the attack
Omni has refrained from sharing additional details on the attack, offering zero clarity on whether it’s a ransomware attempt, a denial-of-service attack, or any other form of cyber-extortion.
Hospitality chains are popular ransomware targets as operational disruptions are more damaging to their daily businesses and attackers can usually extort huge payouts.
A recent ransomware attack on MGM Resorts cost the company $100 million overall in operations as the hospitality giant refused to pay up the attacker — BlackCat — a notorious gang that targeted US healthcare systems in retaliation to a federal seizure of its assets in December 2023.
In the message, Omni said it has restored many operations affected by the attack and is working to get the rest up soon. “As part of our response to this incident, certain systems were brought offline; most have since been restored, and our teams are working diligently to get the remaining systems up and running,” it said.
Omni’s official website responsible for making reservations, which currently displays the attack message, was also down on Friday before the hosting resumed on the weekend with a message that said, “Dear valued guest, we are currently experiencing technical difficulties, please try back at a later time.”
While Omni is still working to determine the scope of the event, including the impact on any data or information maintained on Omni systems, it said normalcy has been restored for the customers and they can now reserve and use Omni’s services as before.
“Our website is operational, and we continue to welcome our guests and accept new reservations,” Omni shared through the FAQ section.