Ransomware victim disclosure
← All victimsPan Pacific Hotels Group
Claimed by Karakurt · listed 3 years ago
Status timeline
- ListedJun 28, 2023
- Data leakeddate unknown
At a glance
- Group
- Karakurt
- Status
- Data leaked
- Country
- Singapore
- Sector
- Hospitality
- Listed on leak site
- Jun 28, 2023
About the victim
AI dossier — public-source company profilePan Pacific Hotels Group is a wholly-owned hotel subsidiary of Singapore-listed UOL Group Limited, operating three brands: Pan Pacific, PARKROYAL COLLECTION, and PARKROYAL. The group manages and owns hotels, resorts, and serviced suites across the Asia-Pacific, Oceania, and North America regions. The affected property cited in the leak is Pan Pacific Melbourne, Australia.
- Industry
- Hospitality & Hotel Management
- Address
- Pan Pacific Hotels Group, 7 Straits View, Marina One East Tower, Singapore 018936
- Employees
- 1001-5000
- Founded
- 1986
Attack summary
Severity: critical — Confirmed exfiltration of regulated PII at scale including government-issued identity documents (passports, driver's licences) and SSNs from hotel guests and/or staff, combined with 40+ GB of corporate data and a data_published status indicating active or imminent release.Karakurt claims to have exfiltrated 40+ GB of data from Pan Pacific Melbourne, including corporate documents, personal identification documents (SSNs, passports, driver's licences), and contracts. The disclosure status is 'data_published', indicating the group has begun or is threatening to release the stolen data.
Data the group says was taken
AI dossier — extracted from the leak post- Corporate contracts
- Social Security Numbers (SSNs)
- Passport copies
- Driver's licence copies
- Personal documents
- Corporate documents
What the group claims
Pan Pacific Hotels Group is a wholly-owned hotel subsidiary of Singapore-listed UOL Group Limited. Pan Pacific Melbourne has lost lots of corporate and personal documents. Contracts, ssns, passports, drivers licenses. 40+GB of data are coming.
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

