Recent ransomware incidents involving global hospitality giant Hyatt Hotels and U.S.-based technology distributor Ingram Micro have once again highlighted the growing threat posed by cybercriminal groups targeting large enterprises. In both cases, ransomware gangs have claimed responsibility for stealing and leaking sensitive corporate and employee data, raising concerns about data security and potential misuse.
Hyatt Hotels Data Appears on the Dark Web
Over the past few days, several hackers active on Telegram have claimed to be selling data allegedly stolen from the Hyatt hotel empire. According to these claims, the leaked information includes employee login credentials, internal financial data, and customer management system records. While the hackers are offering only a limited number of files for free download, cybersecurity experts believe this tactic is being used to authenticate the legitimacy of the breach and attract buyers for the full dataset.
Reports from Telegram-based cybersecurity monitoring channels suggest that a ransomware group known as NightSpire has taken responsibility for the attack. The gang claims it exfiltrated approximately 48.6GB of sensitive data from Hyatt’s servers during the second week of January. NightSpire has stated that the attack was intended to pressure the hospitality giant into paying a ransom. However, after Hyatt allegedly refused to comply with their demands, the group decided to publish a portion of the stolen data on dark web platforms.
The data reportedly released includes internal customer management system information, which could pose risks if exploited for fraud or identity theft. Hyatt has acknowledged awareness of the incident and confirmed that an internal investigation is underway. The company has stated that its incident response team is actively assessing the scope of the breach and will provide further updates once a detailed analysis is completed.
Ingram Micro Confirms Employee Data Theft
In a separate but equally serious incident, Ingram Micro has confirmed that it was targeted by the SafePay ransomware gang in July of last year. The company revealed that personal data belonging to approximately 42,000 employees was compromised during the attack. The stolen information reportedly includes Social Security numbers, driver’s license details, dates of birth, contact information, and employee names—data that could potentially be used in future social engineering or identity theft attacks.
SafePay ransomware operators claimed in late 2025 that they had stolen nearly 3.5 terabytes of data from Ingram Micro’s servers. The group also stated that the attack significantly disrupted customer service-related systems, amplifying the impact of the breach.
In response, Ingram Micro has assured stakeholders that it has strengthened its cybersecurity posture and implemented additional safeguards to prevent similar incidents in the future. The company confirmed that the attackers were part of a double-extortion ransomware operation, where data theft is combined with system encryption to increase pressure on victims.
Together, these incidents underscore the persistent and evolving threat of ransomware attacks, particularly against large organizations holding valuable personal and corporate data.
Join our LinkedIn group Information Security Community!
