From Digital Age to Nano Age. WorldWide.

Tag: data

Robotic Automations

Mozilla finds that most dating apps are not great guardians of user data | TechCrunch


Dating apps are not following great privacy practices and are collecting more data than ever in order to woo GenZ users, a new study by Mozilla pointed out. Researchers reviewed dating apps in terms of privacy in 2021. In the latest report, they noted that dating apps have become more data-hungry and intrusive.

The organization studied 25 apps and labeled 22 of them ” Privacy Not Included” — the lowest grade in Mozilla’s parlance. Mozilla only gave Queer-owned and operated Lex a positive review, with Harmony and Happn getting a passable rating.

Mozilla said 80% of the apps may share or sell your personal data for advertising purposes. The report noted that apps like Bumble have murky privacy clauses that might sell your data to advertisers.

“We use services that help improve marketing campaigns . . . Under certain privacy laws, this may be considered selling or sharing your personal information with our marketing partners,” an in-app popup says, as noted by Mozilla.

The report noted that the majority of apps, including Hinge, Tinder, OKCupid, Match, Plenty of Fish, BLK, and BlackPeopleMeet, had precise geolocation from users. Apps like Hinge collect location data in the background when the app is not in use.

“The collection of your geolocation may occur in the background even when you aren’t using the services if the permission you gave us expressly permits such collection. If you decline permission for us to collect your precise geolocation, we will not collect it, and our services that rely on precise geolocation may not be available to you,” Hinge’s policy states.

The insidious role of data brokers

Dating apps claim that they collect a significant amount of data to find better matches for users. However, if that data ends up with data brokers, there are grave consequences. Last year, the Washington Post reported that a U.S.-based Catholic group bought data from Grindr to monitor some members.

Notably, Grindr — which got one of the lowest ratings under Mozilla’s review — has had a record of lapses in privacy and security practices.

“If dating apps think people are going to keep handing over their most intimate data – basically, everything but their mother’s maiden name – without finding love, they’re underestimating their users. Their predatory privacy practices are a dealbreaker,” Zoë MacDonald, researcher and one of the authors of the report, said in a statement.

As per data from analytics firm data.ai, dating app downloads are slowing down. Separately, data from Pew Research published last year suggests that only three in 10 adults have ever used a dating site or an app — a figure that has stayed the same since 2019. Last month, The New York Times published a report noting that dating app giants Match Group and Bumble have lost more than $40 billion in market value since 2021.

Companies are now looking towards new ways to engage potential daters, including experimenting with AI-powered features. Match Group already said during its Q3 2024 earnings this year that it plans to leverage AI. In March, Platformer reported that Grindr plans to introduce an AI chatbot that could engage in sexually explicit language.

Mozilla said that apps already use AI to match algorithms. With the onset of generative AI, researchers are not confident that dating apps will have enough protections for user privacy.

Mozilla privacy researcher Misha Rykov said that, as dating apps collect more data, they have a duty to protect that data from being exploited.

“To forge stronger matches users have to write compelling profiles, fill out numerous interest and personality surveys, asses and charm matches, share pictures and videos — the whole experience is heavily dependent on how much information people share. By this virtue, dating apps must protect this data from exploitation,” he noted.

Earlier this year, Mozilla also evaluated a bunch of AI bots that could act as a romantic partner and found some serious concerns about security and data sharing practices of these bots.


Software Development in Sri Lanka

Robotic Automations

UnitedHealth says Change hackers stole health data on 'substantial proportion of people in America' | TechCrunch


Health insurance giant UnitedHealth Group has confirmed that a ransomware attack on its health tech subsidiary Change Healthcare earlier this year resulted in a huge theft of Americans’ private healthcare data.

UnitedHealth said in a statement on Monday that a ransomware gang took files containing personal data and protected health information that it says may “cover a substantial proportion of people in America.”

The health insurance giant did not say how many Americans are affected but said the data review was “likely to take several months” before the company would begin notifying individuals that their information was stolen in the cyberattack.

Change Healthcare processes insurance and billing for hundreds of thousands of hospitals, pharmacies and medical practices across the U.S. healthcare sector; it has access to massive amounts of health information on about half of all Americans.

UnitedHealth said it had not yet seen evidence that doctors’ charts or full medical histories were exfiltrated from its systems.

The admission that hackers stole Americans’ health data comes a week after a new hacking group began publishing portions of the stolen data in an effort to extort a second ransom demand from the company.

The gang, which calls itself RansomHub, published several files on its dark web leak site containing personal information about patients across an array of documents, some of which included internal files related to Change Healthcare. RansomHub said it would sell the stolen data unless Change Healthcare pays a ransom.

RansomHub is the second gang to demand a ransom from Change Healthcare. The health tech giant reportedly paid $22 million to a Russia-based criminal gang called ALPHV in March, which then disappeared, stiffing the affiliate that carried out the data theft out of their portion of the ransom.

RansomHub claimed in its post alongside the published stolen data that “we have the data and not ALPHV.”

In its statement Monday, UnitedHealth acknowledged the publication of some of the files but stopped short of claiming ownership of the documents. “This is not an official breach notification,” UnitedHealth said.

The Wall Street Journal reported Monday that the criminal hacking affiliate of ALPHV broke into Change Healthcare’s network using stolen credentials for a system that allows remote access to its network. The hackers were in Change Healthcare’s network for more than a week before deploying ransomware, allowing the hackers to steal significant amounts of data from the company’s systems.

The cyberattack at Change Healthcare began on February 21 and resulted in ongoing widespread outages at pharmacies and hospitals across the United States. For weeks, physicians, pharmacies and hospitals could not verify patient benefits for dispensing medications, organizing inpatient care, or processing prior authorizations necessary for surgeries.

Much of the U.S. healthcare system ground to a halt, with healthcare providers facing financial pressure as backlogs grow and outages linger.

UnitedHealth reported last week that the ransomware attack has cost it more than $870 million in losses. The company reported it made $99.8 billion in revenue during the first three months of the year, faring better than what Wall Street analysts had expected.

UnitedHealth CEO Andrew Witty, who received close to $21 million in total compensation the full year of 2022, is set to testify to House lawmakers on May 1.


Software Development in Sri Lanka

Robotic Automations

AT&T notifies regulators after customer data breach | TechCrunch


AT&T has begun notifying U.S. state authorities and regulators of a security incident after confirming that millions of customer records posted online last month were authentic.

In a legally required filing with Maine’s attorney general’s office, the U.S. telco giant said it sent out letters notifying more than 51 million people that their personal information was compromised in the data breach, including around 90,000 individuals in Maine. AT&T also notified California’s attorney general of the breach.

AT&T — the largest telco in the United States — said that the breached data included customers’ full name, email address, mailing address, date of birth, phone number and Social Security number.

Leaked customer information dated back to mid-2019 and earlier. According to AT&T the records contained valid data on more than 7.9 million current AT&T customers.

AT&T took action some three years after a subset of the leaked data first appeared online, which prevented any meaningful analysis of the data. The full cache of 73 million leaked customer records was dumped online last month, allowing customers to verify that their data was genuine. Some of the records included duplicates.

The leaked data also included encrypted account passcodes, which allow access to customer accounts.

Soon after the full dataset was published, a security researcher notified TechCrunch that the encrypted passcodes found in the leaked data were easy to decipher. AT&T reset those account passcodes after TechCrunch alerted AT&T on March 26 to the risk posed to customers. TechCrunch held its story until AT&T could complete the process of resetting affected customer passcodes.

AT&T eventually acknowledged that the leaked data belongs to its customers, including about 65 million former customers.

Companies experiencing data breaches that affect large numbers of people are required to disclose the incident with U.S. attorneys general under state data breach notification laws. In its notices filed in Maine and California, AT&T said it is offering identity theft and credit monitoring to affected customers.

AT&T has still not identified the source of the leak.


Software Development in Sri Lanka

Robotic Automations

Cape dials up $61M from a16z and more for mobile service that doesn't use personal data | TechCrunch


AT&T’s recent mega customer data breach — 74 million accounts affected — laid bare how much data carriers have on their users, and also that the data is there for the hacking. On Thursday, a startup called Cape — based out of  Washington, D.C., and founded by a former executive from Palantir — is announcing $61 million in funding to build what it claims will be a much more secure approach: It won’t be able to leak your name, address, Social Security number or location because it never asks for these in the first place.

“You can’t leak or sell what you don’t have,” according to the company’s website. “We ask for the minimal amount of personal information and store sensitive credentials locally on your device, not on our network. That’s privacy by design.”

The funding is notable in part because Cape’s appeal to users is not yet proven. The company only came out of stealth four months ago, and it has yet to launch a commercial service for consumers. That’s due to come in June, CEO and founder John Doyle said in an interview. It has one pilot project in operation, deploying some of its tech with the U.S. government, securing communications on Guam.

The $61 million it announced Thursday is an aggregation across three rounds: a seed and Series A of $21 million (raised when it was still in stealth mode as a company called Private Tech) and a Series B of $40 million. The latest round is being co-led by A-Star and a16z, with XYZ Ventures, ex/ante, Costanoa Ventures, Point72 Ventures, Forward Deployed VC and Karman Ventures also participating. Cape is not disclosing its valuation.

Doyle attracted that investor attention in part because his past roles have included nearly nine years of working for Palantir as the head of its national security business. Prior to that, he was a special forces sergeant in the U.S. Army.

Those jobs exposed him to users (like government departments) who treated the security of personal information and privacy around data usage as essential. But, more entrepreneurially, they also got him thinking about consumers.

With the big focus that data privacy and security have today in the public consciousness — typically because of the many bad-news stories we hear about data breaches, the encroaching activities of social networks, and many questions about national security and digital networks — there is a clear opportunity to build tools like these for ordinary people, too, even if it feels like that might be impossible these days.

“It’s actually one of the reasons I started the company,” he told TechCrunch. “It feels like the problem is too big, right? It feels like our data is already out already out there and all these different ways and there’s really nothing to be done about it. We’ve all adopted a learned helplessness around the ability to be connected, but  have some sort of private, some sort of control over our own data, but that’s not necessarily true.”

Cape’s first efforts will be focused on providing eSIMs to users, which Doyle said would be sold essentially on a prepaid format to avoid the data that a contract might entail. Cape on Thursday also announced a partnership with UScellular, which itself provides an MNVO covering 12 cellular networks; Doyle said that Cape is talking with other telcos, too. Initially, it’s unlikely to bundle that eSIM with any mobile devices, although that also is not off the table for the future, Doyle said. Nor will the company provide encryption services around apps, voice calls and mobile data, at least not initially.

“We’re not focused on securing the content of communications. There’s a whole host of app-based solutions out there, apps out there like Proton Mail and Signal, and WhatsApp and other encrypted messaging platforms that do a good job, to varying degrees, depending on who you trust for securing the contents of your communications,” he said. “We are focused on your location and your identity data, in particular, as it relates to connecting to commercial cellular infrastructure, which is a related but separate set of problems.”

Cape’s not the only company in the market that is trying (or has tried, past-tense) to address privacy in the mobile sphere, but none of them has really made a mark so far. In Europe, recent efforts include the MVNO Murena, the OS maker Jolla, and the hardware company Punkt. Those that have come and gone include the Privacy Phone (FreedomPop) and Blackphone (from Geeksphone and Silent Circle).

There’s already the option to buy a prepaid SIM in the U.S. anonymously, but Cape points out that this has other trade-offs and isn’t as secure as what Cape is building. Although payments for this might be anonymous, a user’s data is still routed through the network infrastructure of the underlying carrier, making a user’s movements and usage observable. You can also still be open to SIM swap attacks and spam.

For a16z, the investment is becoming a part of the firm’s “American Dynamism” effort, which this week got a $600 million boost from the latest $7.2 billion in funds that the VC raised.

“Cape’s technology is an answer to long-standing, critical vulnerabilities in today’s telecom infrastructure that impacts everything from homeland security to consumer privacy,” said Katherine Boyle, general partner at a16z, in a statement. “The team is the first to apply this caliber of R&D muscle to rethinking legacy telecom networks, and are well placed to reshape the way mobile carriers think about their subscribers — as customers instead of products.”


Software Development in Sri Lanka

Robotic Automations

For Dataplor’s data intelligence tool, it’s all about location, location, location | TechCrunch


If you want to get your product in a grocery store in Mexico City, Dataplor has global location intelligence to help you do that.

Founder and CEO Geoffrey Michener started the company in 2016 to index micro businesses in emerging markets. The company raised $2 million in 2019 to bring Latin American food delivery vendors online.

Dataplor uses artificial intelligence, machine learning, large language models and a purpose-built technology platform to take in public domain data.

While that is not totally unique — there are companies like ThoughSpot, Esri and Near doing something similar around business and location intelligence — Dataplor’s “secret sauce” is combining all of that technology and public domain data with a human factor. The company recruits and trains over 100,000 human validators, called Explorers, to validate all the data via computer. In addition, no personally identifiable information is used.

What results is answers to questions like “How many Taco Bell locations were opened across South America last year?” or “What percentage of Walmarts in Europe are located near a fast food restaurant?”

The company has since amassed more than 300 million point of interest records (POI) on over 15,000 brands — data like physical location, hours, contact information, whether they accept credit cards and consumer sentiment — in over 200 countries and territories.

Dataplor then licenses that data to companies in a wide variety of industries, including third-party logistics, real estate and finance, like American Express, iZettle and PayPal. More than 35 Fortune 500 brands already use Dataplor.

Dataplor’s location intelligence tool showing close rates. Image Credits: Dataplor

“Company 10-Ks are always six months late, so it’s hard to know if a company, for example, Starbucks, what their open or close rates are,” Michener told TechCrunch. “Other companies also want to know if one of their competitors closed or what are the other businesses around there so they can see if they can put a location there. We are trying to empower their decision-making.”

The company has also grown revenue by an average of 2.5x year-over-year since 2020, and is on track for profitability this year, Michener said.

Now the company wants to grow even faster, so Dataplor raised $10.6 million in Series A funding led by Spark Capital. Spark is known for early investments in Slack, Affirm, Postmates, Discord and Deel. The round also includes participation from Quest Venture Partners, Acronym Venture Capital, Circadian Ventures, Two Lanterns Venture Partners and APA Venture Partners. In total, the company has raised $20.3 million.

Dataplor intends to use the funding to make strategic hires and accelerate its sales and brand presence, Michener said.

For the Series A, Spark and Alex Finkelstein, the general partner who led the deal, “had a lot of conviction into what Dataplor was doing,” which was why Michener chose them to lead, he said. As part of the investment, Finkelstein joins Dataplor’s board of directors, which includes John Frankel, founding partner of ffVC.

“Alex saw the bigger picture, and he saw that while we’re not just a POI or places data company, we are helping people get somewhere or sell a product,” Michener said. “He said that by knowing everything about a business, and then across 100 million places, ‘That’s a really big opportunity. No one’s done that before.’ It really resonated, and if we share that same vision, we can use capital to grow and to grow efficiently and effectively, why not? Let’s go do it.”

Have a juicy tip or lead about happenings in the venture world? Send tips to Christine Hall at [email protected] or via this Signal link. Anonymity requests will be respected. 


Software Development in Sri Lanka

Robotic Automations

Google announces Axion, its first custom Arm-based data center processor | TechCrunch


Google Cloud on Tuesday joined AWS and Azure in announcing its first custom-built Arm processor, dubbed Axion. Based on Arm’s Neoverse 2 designs, Google says its Axion instances offer 30% better performance than other Arm-based instances from competitors like AWS and Microsoft and up to 50% better performance and 60% better energy efficiency than comparable X86-based instances.

Google did not provide any documentation to back these claims up and, like us, you’d probably like to know more about these chips. We asked a lot of questions, but Google politely declined to provide any additional information. No availability dates, no pricing, no additional technical data. Those “benchmark” results? The company wouldn’t even say which X86 instance it was comparing Axion to.

“Technical documentation, including benchmarking and architecture details, will be available later this year,” Google spokesperson Amanda Lam said.

Image Credits: Frederic Lardinois/TechCrunch

Maybe the chips aren’t even ready yet? After all, it took Google a while to announce Arm-chips in the cloud, especially considering that Google has long built its in-house TPU AI chips and, more recently, custom Arm-based mobile chips for its Pixel phones. AWS launched its Graviton chips back in 2018.

To be fair, though, Microsoft only announced its Cobalt Arm chips late last year, too, and those chips aren’t yet available to customers, either. But Microsoft Azure has offered instances based on Ampere’s Arm servers since 2022.

In a press briefing ahead of Tuesday’s announcement, Google stressed that since Axion is built on an open foundation, Google Cloud customers will be able to bring their existing Arm workloads to Google Cloud without any modifications. That’s really no surprise. Anything else would’ve been a very dumb move on Google Cloud’s part.

Image Credits: Frederic Lardinois/TechCrunch

“We recently contributed to the SystemReady Virtual Environment, which is Arm’s hardware and firmware interoperability standard that ensures common operating systems and software packages can run seamlessly in ARM-based systems,” Mark Lohmeyer, Google Cloud’s VP for compute and AI/ML infrastructure, explained. “Through this collaboration, we’re accessing a broad ecosystem of cloud customers who have already deployed ARM-based workloads across hundreds of ISVs and open source projects.”

More later this year.


Software Development in Sri Lanka

Robotic Automations

AI data security startup Cyera confirms $300M raise at a $1.4B valuation | TechCrunch


Artificial intelligence continues to be a big threat, but it’s also a huge promise in the world of cybersecurity. Today, one of the startups tackling both the opportunity and the challenge is announcing a major round of funding. Cyera has built an AI-based platform to help organizations understand the location and movement of all the data in their networks — critical for taking the right steps to secure that data, whether to defend against cyberattacks or to keep it from inadvertently leaking into a large language model.

The company has raised $300 million in a Series C round that values it at $1.4 billion, TechCrunch has learned.

Growth rounds continue to be a major challenge for tech startups, so Cyera’s fundraise is notable not just for its size, but also because it nearly triples the company’s valuation in less than a year — it last raised a $100 million Series B in June 2023. This speaks to the company’s traction — it didn’t disclose numbers, but its customers include a number of giant multinationals — as well as its outlook on the market and how it’s addressing that.

TechCrunch and other outlets reported on this fundraise when it was still in the works, and today’s news confirms several of the details we uncovered, including the size of the round and the lead investor, Coatue, which is new to the startup’s cap table. Other new investors include Spark Capital, Georgian, and strategic backer AT&T Ventures.

AT&T is a noteworthy name here. In March, TechCrunch revealed that the multinational carrier had to initiate a mass reset of accounts after the details of 7.6 million current account holders, and more than 65 million former account holders, were dumped online due to a data breach that happened in 2019. Incidents like that are typical of what drives companies to sign up to companies like Cyera, sometimes ahead of any crisis, sometimes in order to prevent another crisis.

“You have no idea how many times a month I get a phone call from a CISO asking delicately for some time,” said Cyera CEO Yotam Segev in an interview. “‘I’ve got something going on,’ they say. ‘I need you. How fast can you guys scan my environment?’ It happens every time. And what we do is, we jump on it. We send a squad, we have them figure out what data was in scope. They sometimes don’t even know what data was breached.” (AT&T’s breach, it should be noted, took place before Cyera was founded.)

In a nutshell, Cyera has built a platform that takes a full assessment of an organization’s data, where it was created, and where it’s stored and where it’s being used.

That’s no small task in itself, since most organizations today work across hybrid environments with a variety of apps, devices, clouds and on-premises servers, with the total amount of data now being counted in tens of zetabytes and exponentially growing to hundreds of zetabytes in the next couple of years, analysts predict. That spaghetti of connections and activity has turned into a nightmare when it comes to auditing data.

Cyera is part of the general category of “posture management,” and there are dozens of others in the space, including big names like CrowdStrike, Zscaler, Wiz, Palo Alto Networks, and Fortinet. All of them will largely agree on why you need to have good posture management: It’s important to know what you have and where it is in order to take care of it. Cyera’s extra step is using AI to handle that process, and it looks at the next generation of enterprise applications and use cases, and the challenges they will pose for data posture management. In today’s world, that next generation is all about one thing: artificial intelligence.

“If you think about it, AI security is where the biggest gap is today for enterprises,” said Segev. “They just have no control over their data, and AI runs on data,” he said in reference to how large language models are built and subsequently work. “But if you don’t even know what data you have, where it lives, how many duplicates of it there are, and what’s the source of truth versus a copy from five years ago, then how are you supposed to actually go and leverage this technology to its full extent? When you think about the risks that AI produces for these companies, it’s all about losing their proprietary data.”

Segev and his co-founder, Tamar Bar-Ilan (CTO), both cut their teeth in the Israeli military, a training ground that puts engineers into real-world scenarios for testing out the most cutting-edge tech. What’s caught the eye of investors is that they have added a strong entrepreneurial layer (plus some charm and salesperson flair) to those learnings.

“We’re going to use this investment to continue to grow our offerings for the customers into the data security platform that they deserve and want,” Segev said. “They don’t want to stitch together 20 products in order to make this program a reality. They want to buy from one vendor.”

Previous backers Sequoia, Accel, Redpoint, and Cyberstarts all also participated in the Series C, and this brings the total raised by Cyera — headquartered in New York with roots in Israel — to $460 million in just three years.

Although Doug Leone is no longer an active partner at Sequoia, he remains a board member at select companies, including Cyera.

“The co-founders here are as good as any I’ve been in business with. They are clear outliers,” he said in an interview. “They had a vision of the increased need and awareness of the need that would hit us like an avalanche. Data is the crown jewel of any company.” 

“The customer’s reactions to Cyera as a platform remind me of our early days at ServiceNow,” said David Schneider, general partner at Coatue Management, in a statement. “I am confident that Cyera will grow to become a key part of enterprise’s data security, which is so crucial with the advent of AI.”


Software Development in Sri Lanka

Robotic Automations

Indian audio giant boAt says it's investigating suspected customer data breach | TechCrunch


India’s largest audio and wearables brand boAt is investigating a possible data breach after hackers advertised a cache of alleged customer data online.

A sample of alleged customer data was uploaded on a known cybercrime forum, which includes full names, phone numbers, email addresses, mailing addresses and order numbers. A portion of the data that TechCrunch reviewed appears genuine based on checks against exposed phone numbers.

The hacker said the breach happened in March, which led to the compromise of the data of more than 7.5 million customers.

In a statement emailed to TechCrunch, boAt said it was investigating the matter but did not disclose specifics.

“boAt is aware of recent claims regarding a potential data leak involving customer information. We take these claims seriously and have immediately launched a comprehensive investigation. At boAt, safeguarding customer data is our top priority,” the company said.

The leaked data includes references to Shopify. Indian outlet Athenil reported that the alleged hackers claimed the data was obtained by using credentials stolen from boAt’s systems.

boAt, which counts Warburg Pincus and South Lake Investment among its key investors, leads the market of wireless earbuds in India with nearly 34% share, according to data provided by IDC. boAt also dominates India’s wearables market, boasting some 26% of the market share.

In 2022, boAt, which was valued at $300 million in its Series B round of $100 million 2021, filed for its IPO to raise up to $266 million. The brand, however, postponed its public listing plans after seeing a slowdown in the public market.


Software Development in Sri Lanka

Robotic Automations

Could Congress actually pass a data privacy law? | TechCrunch


Hello, and welcome back to Equity, a podcast about the business of startups, where we unpack the numbers and nuance behind the headlines. This is our Monday show, where we dig into the weekend and take a peek at the week that is to come.

Now that we are finally past Y Combinator’s demo day — though our Friday show is worth listening to if you haven’t had a chance yet — we can dive into the latest news. So, this morning on Equity Monday we got into the chance that the United States might pass a real data privacy law. There’s movement to report, but we’re still very, very far from anything becoming law.

Elsewhere, the U.S. and TSMC have a new deal, there’s gaming news to consider (and a venture tie-in) and Spotify’s latest AI plans, which I am sure will delight some and annoy others. Hit play, and let’s talk about the news!

Oh, and on the crypto front, I forgot to mention that trading volume of digital tokens seems to have partially arrested its free fall, which should help some exchanges breathe a bit more easily.

Equity is TechCrunch’s flagship podcast and posts every Monday, Wednesday and Friday, and you can subscribe to us on Apple Podcasts, Overcast, Spotify and all the casts.

You also can follow Equity on X and Threads, at @EquityPod.

For the full interview transcript, for those who prefer reading over listening, read on, or check out our full archive of episodes over at Simplecast.




Software Development in Sri Lanka

Robotic Automations

Omni Hotels says customers' personal data stolen in ransomware attack | TechCrunch


Hotel chain giant Omni Hotels & Resorts has confirmed cybercriminals stole the personal information of its customers in an apparent ransomware attack last month.

In an update on its website posted on Sunday, Omni said the stolen data includes customer names, email addresses, and postal addresses, as well as guest loyalty program information. The company said the stolen data does not include financial information or Social Security numbers.

Omni said it shut down its systems on March 29 after identifying intruders in its systems. Guests reported widespread outages across Omni’s properties, including phone and Wi-Fi issues. Some customers said that their room keys stopped working. The hotel chain restored its systems a week later on April 8.

Omni operates dozens of properties across the United States and Canada, and employs more than 14,000 staff, per its website.

A ransomware gang called Daixin has taken credit for the breach.

The Daixin gang said in a post on its dark web site that it would soon leak reams of customer records dating back to 2017. Ransomware gangs typically use such dark web sites to publish stolen information to extort a ransom from their victims.

The gang did not post evidence of their claims, but shared portions of the allegedly stolen files with veteran data breach watcher DataBreaches.net. Per the publication, the gang claimed to steal 3.5 million Omni customer records. A sample of the stolen data shared with DataBreaches.net matched the types of customers’ personal information that Omni said was taken.

A spokesperson for Omni did not immediately respond to a request for comment.

Daixin was the subject of a public advisory by U.S. cybersecurity agency CISA in October after the ransomware crew began targeting businesses across the U.S., including healthcare organizations. The Daixin gang previously took credit for several cyberattacks targeting U.S. hospitals and medical facilities.


Do you know more about the Omni Hotels breach? To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.


Software Development in Sri Lanka

Back
WhatsApp
Messenger
Viber