Ransomware victim disclosure
← All victimsHoliday Palace
listed as holidaypalace.com · Claimed by Apt73 · listed 1 day ago
Status timeline
- ListedJul 2, 2026
- Data leakeddate unknown
At a glance
- Group
- Apt73
- Status
- Data leaked
- Country
- Macao SAR China
- Sector
- Hospitality and Tourism
- Listed on leak site
- Jul 2, 2026
About the victim
AI dossier — public-source company profileHoliday Palace is a hotel located in Poipet, Cambodia, near the Thailand-Cambodia border. The property offers multiple room types (Panorama, Deluxe Palace, Resort Suite, Connecting Suite, Royal Suite), multiple dining options (Indonesian, Chinese, and Japanese restaurants, plus Palais Coffee café), and a duty-free shop. It markets itself as a 'classic luxury hotel' targeting tourists and business travelers.
- Industry
- Hospitality & Tourism — Hotel & Resort
- Address
- Poipet, Cambodia (border area, Thailand-Cambodia)
Attack summary
Severity: high — Confirmed exfiltration of guest personal information and internal business data from a hospitality operator. Guest data (names, contact details, payment info, passport numbers typical in hotel systems) is regulated/sensitive PII at scale. No ransom demand noted but data is published.APT73 claims to have compromised Holiday Palace and exfiltrated guest information, internal documents, reports, photos, and videos. The group has disclosed the attack and published data.
Data the group says was taken
AI dossier — extracted from the leak post- guest information
- internal documents
- reports
- photos
- videos
What the group claims
Holiday Palace Hotel in Spain. Guest information, internal documents, reports, photos, videos, an...
Sources
Source
Indexed 1 day agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

