Ransomware victim disclosure
← All victimsrixos.com
Claimed by Embargo · listed 1 year ago
Status timeline
- ListedMar 14, 2025
- Data leakeddate unknown
At a glance
- Group
- Embargo
- Status
- Data leaked
- Country
- Turkey
- Sector
- Hospitality and Tourism
- Listed on leak site
- Mar 14, 2025
- Data size
- 1.8 TB
About the victim
AI dossier — public-source company profileRixos Hotels is a Turkish luxury hotel chain founded in 2000 and headquartered in Dubai, UAE. The company operates all-inclusive resort properties across Europe and the Middle East, with multiple high-end destinations in Turkey (Istanbul, Belek, Göcek), Egypt, Azerbaijan, Kazakhstan, Russia, Switzerland, Ukraine, and the UAE.
- Industry
- Luxury Hotels & Resorts
- Address
- Dubai, United Arab Emirates (headquarters); Multiple properties across Europe and Middle East including Turkey, Egypt, Azerbaijan, Kazakhstan, Russia, Switzerland, Ukraine, UAE
- Founded
- 2000
Attack summary
Severity: high — Confirmed exfiltration and publication of 1.8 TB of data from a large multinational luxury hospitality company. Dataset likely includes guest PII, payment information, and corporate operational data across multiple countries. Scale and sensitivity of hospitality sector data exposure justifies 'high' severity.Embargo group claims to have exfiltrated 1.8 TB of data from Rixos Hotels. The group has published the data; no ransom demand is stated, and operational encryption status is not disclosed.
Data the group says was taken
AI dossier — extracted from the leak post- Guest records and booking data
- Employee information
- Financial/payment records
- Operational systems data
- Corporate databases
What the group claims
Founded in 2000 and headquartered in Dubai, United Arab Emirates, Rixos Hotels is a Turkish luxury hotel chain. The company operates hotels and resorts across Europe and the Middle East, including properties in Azerbaijan, Egypt, Kazakhstan, Russia, Switzerland, Turkey, Ukraine and the UAE. - We will disclose 1.8 TB of data
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

