Cancún Tourists’ Personal Info Leaked in Major Cyber Attack

The security of thousands of tourists who have visited Cancún has been compromised due to a large-scale cyber attack. The breach affected both domestic and international visitors who have traveled to the popular destination in recent years.

Haven Resorts, a hotel group with properties in Quintana Roo, was among the entities breached. Other luxury hotel groups were also affected, alongside travel agencies including Despegar.com, Agoda Company, Expedia, and OTS Open. These companies, along with various intermediaries that handle hotel payments and reservations in the Mexican Caribbean, had their records exposed in the leak.

More than 24,000 hotel reservations were compromised in the breach, revealing personal, banking, and transactional information of guests. The leaked data, now available on the dark web, could potentially be used by cybercriminals for financial fraud, identity theft, and phishing campaigns.

The exposed information includes full names, email addresses, phone numbers, home addresses, travel itineraries, and partial credit card details.

Discovery of the Breach

The breach was identified by cybersecurity researchers who discovered an unprotected Elasticsearch server and Kibana interface containing the leaked dataset. The exposed data included detailed stay information, such as arrival times, number of guests, and prices paid. While the specific duration of the exposure is unclear, the server was secured shortly after the discovery.

This breach poses a significant risk of bank fraud and identity theft. The compromised reservations range from 2022 to 2025. Not only were guests affected, but also hotel chain employees, as the leaked documents included employment contracts with personal information.

Potential Ramifications for Affected Individuals

The compromised data includes personally identifiable information (PII), which cybercriminals can exploit for various malicious activities:

• Identity Theft: Attackers can use stolen personal details to commit fraud, such as opening new credit accounts or applying for loans in the victims’ names.
  
• Financial Fraud: Partial credit card information can be utilized in conjunction with other data to make unauthorized transactions or create counterfeit cards.
  
• Phishing and Social Engineering: With access to personal information, cybercriminals can craft convincing phishing emails or messages to deceive individuals into revealing additional sensitive data or credentials.

Preventive Measures and Industry Response

In light of increasing cyber threats, especially with the rise of AI-driven attacks, the hospitality industry is taking steps to bolster cybersecurity:

• Enhanced Security Protocols: Hotels and related businesses are implementing advanced security measures, including regular system audits, intrusion detection systems, and end-to-end encryption, to protect against unauthorized access.
  
• Employee Training: Recognizing that staff can be targets for social engineering, many organizations are investing in comprehensive cybersecurity training programs to educate employees about potential threats and safe practices.
  
• Collaboration with Cybersecurity Firms: Hotels are partnering with cybersecurity experts to conduct vulnerability assessments and develop robust incident response plans.

Additionally, local authorities in Cancún are investing in infrastructure to enhance security. Approximately 12 million pesos are being allocated for a new Command and Control Centre (C2) in the Cancún Hotel Zone, aiming to improve monitoring and response capabilities to various threats, including cyber incidents.

Cyber attacks have become increasingly sophisticated in recent years. The Cybersecurity Report 2025 by the Center for Cyber Intelligence (CCI) of Entel Digital reports that organized cybercrime increased by 30% during 2024. This surge is largely due to the use of Artificial Intelligence (AI) for executing larger, more targeted attacks, and the rise of Ransomware-as-a-Service (RaaS) platforms.

RaaS has emerged as the primary threat in Latin America and the Caribbean, accounting for 38% of all cyber attacks in the region in 2024. Brazil led the incidents with 46% of the cases, followed by Mexico (17%), Argentina (10%), and Chile (7%). The exploitation of “unpatched” vulnerabilities, lack of mitigation strategies, system updates, and incident response protocols have been key factors in the spread of RaaS.

The economic impact of cybercrime has also significantly increased. In 2024, the average cost of post-ransomware recovery reached $3 million, while the cost of a data breach increased from $4.45 million in 2023 to $4.88 million in 2024.

This incident underscores the critical need for stringent cybersecurity measures within the hospitality sector to protect guest information and maintain trust.