Ransomware victim disclosure
← All victimsJpark Island Resort & Waterpark
listed as www.jparkislandresort.com · Claimed by Stormous · listed 1 year ago
Status timeline
- ListedMay 15, 2025
- Data leakeddate unknown
At a glance
- Group
- Stormous
- Status
- Data leaked
- Country
- Philippines
- Sector
- Hospitality and Tourism
- Listed on leak site
- May 15, 2025
About the victim
AI dossier — public-source company profileJpark Island Resort & Waterpark is a 5-star luxury resort in Mactan, Cebu, Philippines, featuring 820 accommodations (772 rooms/suites and 48 villas), a large waterpark with multiple pools and slides, an indoor theme park (Pororo Park), 13 restaurants and bars, and extensive event facilities. The resort caters to families, corporate clients, and MICE (meetings, incentives, conferences, exhibitions) events.
- Industry
- Luxury Hospitality & Resort Management
- Address
- Mactan, Cebu, Philippines
Attack summary
Severity: critical — Confirmed exfiltration of payment card data (PII + financial) at scale affecting multiple guests across a major resort, plus regulatory-sensitive guest personal data and ID documents. Raw credit card numbers, CVV codes, and card images represent high-risk financial fraud exposure.The Stormous group claims to have exfiltrated the resort's full reservation databases, booking platform integrations (HeyTripGo, Agoda), payment systems, guest registration records, ID documents, and internal communications. The group alleges exposure of raw credit card data (numbers, expiration dates, CVV codes), physical card images, cardholder names and billing addresses, transaction history, guest personal details, and booking references.
Data the group says was taken
AI dossier — extracted from the leak post- Full reservation databases
- Booking platform data (HeyTripGo, Agoda references)
- Credit card numbers, expiration dates, CVV codes
- Physical card image scans
- Cardholder names and billing addresses
- Transaction history and reports
- Partner commission data and invoices
- Guest ID documents and scans
- Guest registration forms with signatures
- Internal booking confirmation exchanges
- Customer personal details
What the group claims
Full reservation databases Booking platform references (including HeyTripGo) Payment Data PDF files containing credit card numbers, expiration dates, and CVV codes Scans of physical card images used in transactions Names and billing addresses linked to cards Full reports of transaction history Partner comission data and invoice logs ID Documents Guest registration forms (with physical signatures) Internal Communication Booking confirmation exchanges with platforms (HeyTripGo, Agoda, etc.) It was clearly observed that HeyTripGo.com does not encrypt or anonymize customer booking details, allowing direct exposure of Raw redit card data Customer personal details Booking references traceable to their system
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

