The notorious hacker group Play has claimed Firmdale Hotels data breach, targeting crucial files and documents. The threat actor announced the breach via a post on their dark web channel.
According to the post, the ransomware gang claimed this cyber attack on September 4, 2023, at 23:32 UTC +3. The cyberattack, orchestrated by the Play ransomware gang, has once again cast a shadow on the vulnerability of the hospitality industry.
Firmdale Hotels, an esteemed collection of ten luxury hotels in London and New York, is known for its impeccable service and award-winning properties.
Firmdale Hotels data breach: Sensitive information at risk!
Source: Twitter
In their dark web message, the Play ransomware gang indicated that they had gained access to a substantial amount of sensitive data belonging to Firmdale Hotels.
This included private and personal confidential data such as client and employee documents, contracts, IDs, passports, client scans, HR records, and financial information.
At the time of their message, a compressed 5GB of this data had been partially published, with a looming threat of a complete data dump if there was no reaction from Firmdale Hotels.
The Cyber Express has reached out to the organization to learn more about the alleged Firmdale Hotels data breach claim by the Play ransomware gang. However, at the time of writing this, no official statement or response had been received from the company.
Hotel data breaches, vulnerabilities and more
The Firmdale Hotels data breach is not an isolated incident. In recent years, the hospitality industry has become a prime cyberattack target.
This sector, driven by an ever-increasing reliance on online business and internet transactions, has witnessed a surge in sophisticated attacks aimed at compromising sensitive data.
Hotels process countless credit card payments daily, making them attractive targets for hackers seeking financial gain. Cybercriminals exploit vulnerabilities in hotel websites, systems, servers, and even front desk operations to gain unauthorized access to guest information.
The consequences of such breaches are severe, including investigations, damage to reputation, loss of consumer trust, and significant financial penalties.
In 2018, Marriott revealed that hackers had attempted to access its guest reservation database, dating back to 2014, two years before Marriott acquired Starwood.
This breach potentially exposed sensitive information of up to 500 million guests, including payment card details.
Orbitz and Other travel companies, like Orbitz and, have also grappled with data security issues, compromising the personal information of hundreds of thousands of customers. 
The Firmdale Hotels data breach is an ongoing story, and we’ll update this post once we have more information or official confirmation from the company.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.