Ransomware victim disclosure
← All victimsAil Hospitality Group
Claimed by Pear · listed 11 months ago
Status timeline
- ListedAug 5, 2025
- Data leakeddate unknown
At a glance
- Group
- Pear
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Aug 5, 2025
About the victim
AI dossier — public-source company profileAIL Hospitality Group is a hotel management company operating a diverse portfolio of branded properties across the Mid-Atlantic and Ohio regions, including Wyndham, Ramada, Days Inn, Sleep Inn, Ascend, and Trademark Collection properties. They manage hotels in West Virginia, Maryland, Ohio, and Pennsylvania, offering full-service hospitality management including operations, sales & marketing, and food & beverage services.
- Industry
- Hospitality Management & Hotel Operations
Attack summary
Severity: medium — Data has been published by the threat actor (disclosed status confirmed), and the company operates across multiple hotel properties potentially exposing guest or employee information at scale. However, no specific data inventory, proof count, or confirmation of regulated data (PII, payment cards) is stated in the available leak post excerpt.The pear group claims to have attacked AIL Hospitality Group and published data. No specific details on encryption, exfiltration method, or data categories are provided in the available leak post.
Data the group says was taken
AI dossier — extracted from the leak post- Hotel operational data
- Guest or employee records (inferred from hospitality sector exposure)
What the group claims
AIL Hospitality manage a diverse portfolio of hotels located in states like West Virginia, Maryland, Ohio, and Pennsylvania
Sources
Source
Indexed 11 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

