Omni Hotels

In 2024, Omni Hotels fell victim to a targeted cyberattack that severely disrupted its core operations. The breach compromised the hotel chain’s reservation and check-in systems, rendering room key card functionality inoperable and crippling payment processing across multiple locations. Guests experienced prolonged delays, denied access to rooms, and financial transaction failures, leading to widespread frustration and reputational damage. The attack exploited vulnerabilities in the hotel’s interconnected building management systems (BMS), which govern critical infrastructure like HVAC, security, and access control. Investigations suggested the intruders leveraged outdated software or weak authentication protocols common in legacy BMS environments to gain unauthorized access. While no immediate physical harm was reported, the operational paralysis threatened guest safety protocols (e.g., fire alarms, emergency exits) and exposed sensitive customer data during the payment outage. The incident forced Omni to implement emergency manual overrides, incur significant recovery costs, and face potential legal liabilities from affected guests. Insurers scrutinized the hotel’s cybersecurity posture, complicating claims for business interruption losses. The attack underscored the risks of unpatched smart building technologies, where operational convenience intersects with high-stakes cyber threats.

Source: https://www.helpnetsecurity.com/2025/10/21/smart-buildings-cybersecurity-risks/

TPRM report: https://www.rankiteo.com/company/omni-hotels

"id": "omn3332533102125",
"linkid": "omni-hotels",
"type": "Cyber Attack",
"date": "6/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Hotel Management',
                        'location': 'Global (Primary: North America)',
                        'name': 'Omni Hotels & Resorts',
                        'size': 'Large Enterprise',
                        'type': 'Hospitality'},
                       {'industry': 'Building Automation',
                        'location': 'Global',
                        'name': 'Organizations Using Tridium’s Niagara '
                                'Framework',
                        'type': ['Commercial Real Estate',
                                 'Industrial Facilities',
                                 'Critical Infrastructure']},
                       {'industry': 'Real Estate',
                        'location': 'Global',
                        'name': 'Buildings with Legacy BMS (BACnet/Modbus)',
                        'type': ['Office Buildings',
                                 'Hospitals',
                                 'Educational Institutions',
                                 'Retail Spaces']}],
 'attack_vector': ['Exploitation of Legacy Protocols (BACnet, Modbus)',
                   'Unpatched Known Vulnerabilities (75% of orgs affected per '
                   'Claroty)',
                   'Default/Hardcoded Credentials',
                   'Open Ports/Exposed Systems (via Shodan)',
                   'Third-Party Remote Access Tools (Lack of MFA)',
                   'Outdated Operating Systems (e.g., Windows 7)',
                   'Weak Network Segmentation (Lateral Movement to Corporate '
                   'Networks)'],
 'customer_advisories': ['Omni Hotels: Limited Public Notification (2024)'],
 'data_breach': {'data_encryption': ['Likely Absent in Legacy Protocols '
                                     '(BACnet/Modbus)'],
                 'data_exfiltration': ['Possible in Unnoticed Intrusions'],
                 'personally_identifiable_information': ['Potential (If '
                                                         'Biometric/Facial '
                                                         'Recognition '
                                                         'Deployed)'],
                 'sensitivity_of_data': ['Medium to High (Operational + '
                                         'Potential PII)'],
                 'type_of_data_compromised': ['Potential: Building Occupancy '
                                              'Patterns',
                                              'Payment Data (Omni Hotels)',
                                              'PII (If Facial Recognition '
                                              'Used)']},
 'date_publicly_disclosed': '2024-01-01',
 'description': 'The global smart building market, valued at $126.6 billion in '
                '2024 and projected to reach $571.3 billion by 2030, faces '
                'significant cybersecurity risks due to outdated systems, '
                'legacy protocols (e.g., BACnet, Modbus), unpatched '
                'vulnerabilities, and weak access controls. Building '
                'Management Systems (BMS) linking HVAC, lighting, elevators, '
                'and fire safety are prime targets. Recent incidents, such as '
                'the 2024 Omni Hotels cyberattack, highlight disruptions to '
                'reservation systems, room key cards, and payment processing. '
                'Vulnerabilities in platforms like Tridium’s Niagara Framework '
                '(13 flaws identified by Nozomi Networks) and widespread use '
                'of unsupported OS (e.g., Windows 7) exacerbate risks. Attacks '
                'often go unnoticed, with physical malfunctions (e.g., AC '
                'failures, elevator outages) misattributed to maintenance '
                'issues. Reputational damage, insurance gaps, and operational '
                'disruptions (e.g., disabled fire alarms) pose critical '
                'threats. Mitigation requires patch management, MFA for vendor '
                'access, staff training, and layered defenses combining IT and '
                'facilities teams.',
 'impact': {'brand_reputation_impact': ['High (Loss of Tenant/Customer Trust)',
                                        'Deterrent for New Occupants'],
            'customer_complaints': ['Potential Increase Due to Service '
                                    'Disruptions (e.g., Omni Hotels)'],
            'downtime': ['Undisclosed (Potential Prolonged Due to Unnoticed '
                         'Intrusions)',
                         'Omni Hotels: Reservation/Check-in/Payment '
                         'Disruptions (2024)'],
            'legal_liabilities': ['Potential Lawsuits from Safety Incidents '
                                  '(e.g., Fire Alarm Failures)',
                                  'Regulatory Non-Compliance (Data Breaches)'],
            'operational_impact': ['Physical Safety Risks (e.g., Disabled Fire '
                                   'Alarms)',
                                   'Maintenance Misattribution (AC/Elevator '
                                   'Failures)',
                                   'Tenant Trust Erosion',
                                   'Property Value Decline'],
            'payment_information_risk': ['Exposed in Omni Hotels Incident '
                                         '(2024)'],
            'systems_affected': ['Building Management Systems (BMS)',
                                 'HVAC Controls',
                                 'Lighting Systems',
                                 'Elevators',
                                 'Fire Safety Systems',
                                 'Security Cameras',
                                 'Access Control (Door/Keycard Systems)',
                                 'Reservation/Payment Systems (e.g., Omni '
                                 'Hotels)']},
 'initial_access_broker': {'backdoors_established': ['Likely in Unpatched '
                                                     'Systems'],
                           'data_sold_on_dark_web': ['Possible for Building '
                                                     'Occupancy Data'],
                           'entry_point': ['Exposed BMS via Shodan',
                                           'Vendor Remote Access Tools',
                                           'Open Ports in Legacy Systems'],
                           'high_value_targets': ['HVAC (Disruption Potential)',
                                                  'Fire Safety (Life Risk)',
                                                  'Payment Systems (Financial '
                                                  'Gain)'],
                           'reconnaissance_period': ['Potentially Months/Years '
                                                     '(Unnoticed Intrusions)']},
 'investigation_status': ['Ongoing for Industry-Wide Risks',
                          'Resolved for Omni Hotels (Assumed)'],
 'lessons_learned': ['Legacy BMS Protocols (BACnet/Modbus) Are Critical Attack '
                     'Vectors',
                     'Unpatched Systems Enable Prolonged, Unnoticed Intrusions',
                     'Physical Malfunctions May Indicate Cyber Incidents',
                     'Vendor Remote Access Requires MFA and Monitoring',
                     'Insurance Gaps Exist for OT-Centric Cyberattacks',
                     'Cross-Team Collaboration (IT + Facilities) Is Essential'],
 'motivation': ['Financial Gain (Ransomware)',
                'Operational Disruption',
                'Data Theft',
                'Espionage (State-Backed Potential)'],
 'post_incident_analysis': {'corrective_actions': ['Mandatory OT Security '
                                                   'Training for Facilities '
                                                   'Staff',
                                                   'Automated Patch Deployment '
                                                   'for BMS Components',
                                                   'OT-Focused SOC Integration',
                                                   'Dark Web Monitoring for '
                                                   'Stolen Building Data',
                                                   'Cybersecurity Clauses in '
                                                   'Vendor Contracts'],
                            'root_causes': ['Neglected Patch Management for OT '
                                            'Systems',
                                            'Over-Reliance on Legacy Protocols '
                                            '(BACnet/Modbus)',
                                            'Lack of OT-Specific Monitoring',
                                            'Weak Vendor Access Controls',
                                            'Silos Between IT and Facilities '
                                            'Teams']},
 'ransomware': {'data_encryption': ['Possible in Future Attacks'],
                'data_exfiltration': ['Double Extortion Risk']},
 'recommendations': ['Immediate Patch Management for Known Vulnerabilities '
                     '(e.g., Niagara Framework)',
                     'Replace/Upgrade EOL Systems (e.g., Windows 7, '
                     'Unsupported Firmware)',
                     'Implement Network Segmentation Between BMS and Corporate '
                     'IT',
                     'Enforce MFA for All Remote Access (Vendors/Staff)',
                     'Centralize and Monitor BMS Logs for Anomalies',
                     'Train Facilities Staff to Recognize Cyber-Physical '
                     'Warning Signs',
                     'Conduct Regular OT Security Audits (e.g., Shodan '
                     'Exposure Checks)',
                     'Review Insurance Policies for Cyber-OT Coverage Gaps',
                     'Adopt Zero Trust Principles for Building Automation '
                     'Systems',
                     'Develop Joint IT-Facilities Incident Response Playbooks'],
 'references': [{'date_accessed': '2024-01-01',
                 'source': 'Claroty Research Report',
                 'url': 'https://www.claroty.com'},
                {'date_accessed': '2024-01-01',
                 'source': 'Nozomi Networks: Tridium Niagara Vulnerabilities',
                 'url': 'https://www.nozominetworks.com'},
                {'date_accessed': '2024-01-01',
                 'source': 'Royal Institution of Chartered Surveyors (RICS) '
                           'Warning',
                 'url': 'https://www.rics.org'},
                {'date_accessed': '2024-01-01',
                 'source': 'Omni Hotels Cyberattack (2024) News Coverage',
                 'url': 'https://www.omnihotels.com/press'}],
 'regulatory_compliance': {'regulations_violated': ['Potential: GDPR (If PII '
                                                    'Compromised)',
                                                    'Industry-Specific OT '
                                                    'Security Standards'],
                           'regulatory_notifications': ['Unknown (Likely '
                                                        'Required for Data '
                                                        'Breaches)']},
 'response': {'communication_strategy': ['Limited Public Disclosure (Omni '
                                         'Hotels)',
                                         'Internal Stakeholder Briefings'],
              'containment_measures': ['Isolation of Affected BMS Components',
                                       'Disabling Remote Access for Vendors '
                                       '(Temporary)'],
              'enhanced_monitoring': ['Log Centralization (Currently Lacking '
                                      'in Most Cases)'],
              'incident_response_plan_activated': ['Likely for Omni Hotels '
                                                   '(2024)',
                                                   'Unknown for Most '
                                                   'Organizations'],
              'network_segmentation': ['Recommended but Not Universally '
                                       'Implemented'],
              'recovery_measures': ['Restoration of Reservation/Payment '
                                    'Systems (Omni Hotels)',
                                    'Manual Overrides for Critical Systems '
                                    '(e.g., Fire Alarms)'],
              'remediation_measures': ['Patch Management for Niagara Framework',
                                       'Replacement of EOL Systems (e.g., '
                                       'Windows 7)',
                                       'Credential Rotation '
                                       '(Default/Hardcoded)'],
              'third_party_assistance': ['Vendor Patching (e.g., Tridium)',
                                         'Cybersecurity Firms (e.g., Claroty, '
                                         'Nozomi Networks)']},
 'stakeholder_advisories': ['Urgent: Building Owners/Operators',
                            'Moderate: Tenants/Insurance Providers'],
 'title': 'Smart Building Cybersecurity Vulnerabilities and Risks (2024)',
 'type': ['Cybersecurity Vulnerability Exposure',
          'Operational Technology (OT) Risk',
          'Supply Chain Risk'],
 'vulnerability_exploited': ['CVE in Tridium’s Niagara Framework (13 '
                             'vulnerabilities, Nozomi Networks)',
                             'BACnet/Modbus Protocol Flaws (No '
                             'Encryption/Authentication)',
                             'Unsupported Firmware/OS (EOL Systems)',
                             'Improper Access Controls (Shared Credentials)']}