NightSpire Claims Ransomware Attack on Hyatt Place Chelsea, Stealing 48.5 GB of Sensitive Data
A ransomware attack targeting the Hyatt Place Chelsea hotel in New York has allegedly resulted in the theft of 48.5 GB of sensitive data, according to the threat actor NightSpire, which listed the breach on its dark web leak site. The stolen files, reviewed by security researchers at Cybernews, include invoices, expense reports, employee names, contact details, signatures, and partner company data information that could fuel phishing attacks or grant unauthorized access to internal systems.
Among the compromised data, researchers identified potential employee credentials for Hyatt’s internal content management system (CMS), raising concerns that attackers may already have access to broader corporate networks. Exposed contact details and email signatures could further enable social engineering campaigns targeting employees, clients, or business partners.
Hyatt Hotels Corporation has not yet confirmed the breach, offering no official statement or updates via its newsroom or social media channels. The company operates over 1,350 properties worldwide, employs 52,000 people, and serves millions of guests annually, including members of its 60-million-strong loyalty program.
The hospitality sector remains a prime target for ransomware groups, with hotels frequently facing attacks due to their vast customer data and interconnected systems. If verified, this incident would add Hyatt to a growing list of breached hospitality chains. Further details may emerge pending Hyatt’s response.
Grand Hyatt New York cybersecurity rating report: https://www.rankiteo.com/company/grand-hyatt-new-york
Hyatt Place New York/Chelsea cybersecurity rating report: https://www.rankiteo.com/company/hyatt-place-new-york-chelsea
"id": "GRAHYA1768941064",
"linkid": "grand-hyatt-new-york, hyatt-place-new-york-chelsea",
"type": "Ransomware",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Hospitality',
'location': 'New York, USA',
'name': 'Hyatt Place Chelsea',
'type': 'Hotel'},
{'customers_affected': '60 million loyalty program '
'members',
'industry': 'Hospitality',
'location': 'Global',
'name': 'Hyatt Hotels Corporation',
'size': '52,000 employees, 1,350+ properties',
'type': 'Parent Company'}],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Invoices',
'Expense reports',
'Employee names',
'Contact details',
'Signatures',
'Partner company data',
'Employee credentials']},
'description': 'A ransomware attack targeting the Hyatt Place Chelsea hotel '
'in New York has allegedly resulted in the theft of 48.5 GB of '
'sensitive data, including invoices, expense reports, employee '
'names, contact details, signatures, and partner company data. '
'The threat actor NightSpire listed the breach on its dark web '
'leak site. The compromised data includes potential employee '
'credentials for Hyatt’s internal content management system '
'(CMS), raising concerns about unauthorized access to broader '
'corporate networks.',
'impact': {'data_compromised': '48.5 GB of sensitive data',
'identity_theft_risk': 'High (employee and partner data exposed)',
'systems_affected': 'Internal content management system (CMS)'},
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'source': 'Cybernews'}],
'threat_actor': 'NightSpire',
'title': 'NightSpire Ransomware Attack on Hyatt Place Chelsea',
'type': 'Ransomware'}