Omni Hotels suffers data breach

Omni Dallas Hotel
Omni Dallas Hotel

Omni Hotels & Resorts warned customers that hackers stole payment-card information from the hotel chain by gaining access to its point-of-sale systems and installing malicious software. The malware may have operated between Dec. 23, 2015, and June 14, 2016, although most of the systems were affected during a shorter time frame, the company said. The company said it learned of the breach on May 30.

The chain did not disclose how many of its 60 properties were affected and the likely number of cardholders that could have been affected. As there is no indication that reservation or select guest membership systems were affected, users were unlikely to be affected unless they physically presented their payment card at a POS system at one of the affected locations.

More than 50,000 payment-card numbers related to the breach have been sold on criminal online forums by a hacker calling himself JokerStash, Andrei Barysevich, director of cybercrime research at Flashpoint, a company that researches criminal activity on the internet, told the Wall Street Journal. Flashpoint worked with payment-card issuers and payment processors on investigating the Omni breach. Hackers have been using the stolen information to make fraudulent purchases since late February, he said.

Virtual Event

HOTEL OPTIMIZATION PART 2 | SEPTEMBER 10 & 24, 2020

Survival in these times is highly dependent on a hotel's ability to quickly adapt and pivot their business to meet the current needs of travelers and the surrounding community. Join us for Optimization Part 2 – a FREE virtual event – as we bring together top players in the industry to discuss alternative uses when occupancy is down, ways to boost F&B revenue, how to help your staff adjust to new challenges and more, in a series of panels focused on how you can regain profitability during this crisis.


Barysevich believes that the criminals installed their malicious software on point-of-sale systems in Omni’s hotels and bars, a technique that was used on previous attacks against Hyatt Hotels Corp. , Starwood Hotels & Resorts Worldwide and Hilton Worldwide, he said.

An Omni spokesman couldn't immediately say how many customers were affected. The hackers stole cardholder names, card numbers, expiration dates and security codes, Omni said. The company said “there is no evidence” that other customer information, such as contact information or Social Security numbers, were affected.

Suggested Articles

The hospitality procurement services provider has been making sure hotels have everything they need to maintain guest and employee safety.  

Champions For Better Business assists hotels with the logistics of removing furniture, fixtures and equipment as part of a renovation or conversion.

After launching in North Carolina, the brand will expand into Virginia, Tennessee, South Carolina and Texas.