Hyatt
January 19, 2026
•[ ransomware, data leak, double-extortion ]
A ransomware group calling itself NightSpire publicly claimed on January 19, 2026 that it attacked Hyatt and exfiltrated 48.5GB of data originating from the Hyatt Place Chelsea New York hotel. The actors published samples that appeared to include internal company documents such as invoices, expense reports containing employee names, contact information, signatures, and partner company data, and researchers noted the sample list suggested possible exposure of employee credentials for internal tools (raising risk of further compromise). The posting indicated a free download link, consistent with double-extortion tactics where stolen data is leaked if negotiations fail. At the time of reporting, Hyatt had not publicly confirmed the breach and the claims remained unverified by the company.
Attorney General’s Office of the State of Guanajuato (FGEG)
November 13, 2025
•[ ransomware, data leak, double-extortion ]
Mexico Business News reports Guanajuatos Attorney Generals Office confirmed a cybersecurity incident after a ransomware attack attributed to Tekir APT. Attackers claim they stole 250GB+ of confidential data, including judicial files and internal databases. Officials are reviewing controls, without confirming attribution or ransom payment. Hackmanac alleges subdomain encryption and double-extortion.
Attorney General’s Office of the State of Guanajuato (FGEG)
November 13, 2025
•[ ransomware, data leak, double-extortion ]
Mexico Business News reports Guanajuatos Attorney Generals Office confirmed a cybersecurity incident after a ransomware attack attributed to Tekir APT. Attackers claim they stole 250GB+ of confidential data, including judicial files and internal databases. Officials are reviewing controls, without confirming attribution or ransom payment. Hackmanac alleges subdomain encryption and double-extortion.
