Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Passports and driver’s licences part of a 148-gigabyte data breach impacting luxury Sydney hotel.
The Akira ransomware gang has listed the Chinese-owned The Fullerton Hotels and Resorts as a victim on its darknet leak site and is claiming to have stolen more than 140 gigabytes of data.
“We are ready to upload more than 148 GB of essential corporate documents such as: NDA’s and corporate licenses, agreements and contracts, driver licences, passports and other employee and customer documents, financial data (audits, payment details, reports), etc,” Akira said in its leak post, dated 8 April.
The gang, as a rule, does not share evidence of its claims, nor any details of its ransom demands or deadline. However, like many ransomware actors, Akira casts itself as something of a penetration tester.
“Well, you are here. It means that you’re suffering from cyber incident right now,” the gang said on its leak site.
“Think of our actions as an unscheduled forced audit of your network for vulnerabilities. Keep in mind that there is a fair price to make it all go away.
“Remember. You are unable to recover without our help. Your data is already gone and cannot be traced to the place of final storage nor deleted by anyone besides us.”
Akira traces its history back to the Conti ransomware operation, which disbanded in 2022 following internal dissent over Russia’s invasion of Ukraine. Akira was first observed in March 2023 and has claimed 599 victims since then. It is currently one of the top 10 ransomware gangs in history and its most recent Australian victim was property developer TOGA, itself the operator of the TFE Hotels group, which revealed it had suffered a data breach in March.
As of January 2024, the US Cybersecurity and Infrastructure Security Agency estimated that Akira had received around US$42 million from its ransom demands.
The Fullerton Hotels and Resorts has confirmed it was the victim of a ransomware attack.
“On 24 March 2025, The Fullerton Hotel Sydney encountered a ransomware attack. As soon as the incident was detected, we immediately took steps to secure our IT systems and implement precautionary security measures. There was some impact on hotel operations, and we have mobilised additional resources to ensure uninterrupted services to our guests,” a hotel spokesperson said in an 9 April update on the group’s website.
“We have launched a comprehensive investigation to assess the full scope of the incident, and it appears that an unauthorised person gained access to and exfiltrated employee records and credit card details of a small number of hotel guests from the hotel’s IT systems. The affected individuals have been duly notified. If we identify that the intruder had access to any other guest personal information, we will notify the relevant individuals as required by law.”
The incident only impacted The Fullerton Hotel Sydney and not The Fullerton Hotels in Singapore and Hong Kong.
“We have reported the incident to the Office of the Australian Information Commissioner, and shall fully co-operate with that authority,” the spokesperson said.
The Fullerton Hotels and Resorts operates two hotels in Singapore, one in Hong Kong, and another in Sydney, in the former General Post Office building in Martin Place. The hotel chain is owned by the Hong Kong-based Sino Group.
Cyber Daily has reached out to The Fullerton Hotels and Resorts for comment on the extent of the alleged breach.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
