The US’s Hyatt empire may have succumbed to a cyberattack. A ransomware gang, code-named NightSpire, posted on the dark web, claiming it had attacked the international corporation.
In the post, which went public on January 19th, attackers claim to have exfiltrated 48.5GB of sensitive data originating from the Hyatt Place Chelsea New York hotel.
Posting a victim on the dark web is a common tactic ransomware gangs use to pressure companies into paying ransoms. Apart from data samples, NightSpire has also dropped a link stating: “Contact for free download of this data.”
This might indicate that the negotiations fell apart, leaving no agreement on the table. In such a scenario, attackers often sell or drop an entire stolen dataset online for anyone to download, causing victims reputational damage.
What data was allegedly stolen from Hyatt?
The Cybernews research team has examined the data samples, which appear to be internal company documents. The data includes screenshots of:
Invoices
Expense reports with full employee names
Contact information
Signatures
Partner company data
The list of allegedly stolen files suggests that the documents may include employee credentials for the company’s internal CMS. This could be extremely dangerous, as exposed credentials increase the risk of an internal system breach.
“Exposed contact details and email signatures may not look dangerous on their own, but they give attackers exactly what they need to run convincing social engineering and fraud campaigns,” our research team said.
“If employee credentials prove to be compromised, the risk goes beyond scams. Stolen logins can be exploited to access internal tools, read sensitive communications, or move laterally across Hyatt’s network.”
According to our team, in the worst cases, attackers can quietly establish long-term access inside the organization.
Cybernews has reached out to the company’s representatives to verify the claims. A response and confirmation regarding the scope of the alleged attack are yet to be received.
If the claims prove to be legitimate, it would not be the first time that Hyatt workers' data has been leaked. At the beginning of 2025, Cybernews research uncovered that a US-focused hiring and onboarding platform, Foh&Boh, accidentally exposed millions of candidates’ CVs and resumes, including Hyatt Grand data.
Paulina Okunytė, Journalist

