NightSpire Ransomware Group Claims Breach of Hyatt Hotels
Learn More
Hyatt Hotels Corporation is investigating a ransomware attack claim posted the NightSpire group.
The attackers reportedly broke into Hyatt's systems during the second week of January 2026 and stole approximately 48.5GB of sensitive data. After Hyatt allegedly refused to pay the ransom, the group began leaking portions of the stolen files on the dark web and Telegram to pressure the hospitality chain. The initial leak includes samples intended to prove the legitimacy of the breach.
The breach appears to expose internal infrastructure, with documents originating from the Hyatt Place Chelsea New York. NightSpire shared screenshots of internal customer management systems (CMS) and financial records to demonstrate their access.
The following exposed data types were identified in the leaked samples:
- Employee login credentials for internal CMS and management tools
- Internal financial data, including invoices and expense reports
- Full employee names and contact information
- Digital signatures and partner company data
- Customer management system records
The number of affected individuals is not disclosed.
Hyatt has confirmed an internal investigation is underway, but did not provide other details.
Hyatt's incident response team is currently assessing the scope of the breach to determine the full impact on its 30+ brands, including Park Hyatt and Regency.
