Ransomware victim disclosure
Refinery Hotel
Claimed by Akira · listed 2 days ago
Status timeline
- Listed: Jul 1, 2026
- Data leaked: date unknown
At a glance
- Group: Akira
- Status: Data leaked
- Sector: Hospitality and Tourism
- Listed on leak site: Jul 1, 2026
About the victim
AI dossier — public-source company profile
Refinery Hotel is a luxury hotel located near Bryant Park in New York City, housed in a restored historic hat factory. The property features 197 rooms with industrial-modern design, and operates dining venues including Parker & Quinn restaurant and a rooftop bar.
- Industry: Luxury Hospitality & Hotels
- Address: Near Bryant Park, New York City, NY, USA
Attack summary
Severity: critical — Confirmed exfiltration of large-scale regulated PII (passports, SSNs, driver's licenses) and guest data, plus financial and contractual records. Data publication disclosed.
The Akira group claims to have exfiltrated approximately 15 GB of corporate data, including employee personal information (passports, driver's licenses, SSNs, W9 forms), guest information, financial records, contracts, and NDAs. The group indicates intent to publish this data.
Data the group says was taken
AI dossier — extracted from the leak post
- Employee passports
- Employee driver's licenses
- Employee SSNs
- Employee W9 tax forms
- Guest personal information
- Financial records
- Contracts and agreements
- Non-disclosure agreements (NDAs)
What the group claims
Refinery Hotel is a luxury hotel located near Bryant Park in New York City, offering a modern reinterpretation of a historic hat factory. The hotel features 197 stylish rooms with industrial accents and modern amenities, alongside dining options such as the Parker & Quinn restaurant and the Refinery Rooftop bar.
We will upload 15gb of corporate data soon. Employee personal information (passports, DLs, SSNs, w9 forms), guests information, financials, contracts and agreements, lots of NDAs, etc.
Source
Indexed 2 days ago
This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable.

