The threat actor Stormous has claimed to have accessed and stolen sensitive data from www.regencyrestors.com, including full customer reservation databases, scanned ID documents, internal emails via OWA, employee and customer email lists, and RDP credential files. They have indicated the potential for this information to be leaked or publicly disclosed.
Incident Details
- Victim: www.regencyrestors.com
- Country:
- Actor: stormous
- Source: http://6sf5xa7eso3e3vk46i5tpcqhnlayczztj7zjktzaztlotyy75zs6j7qd.onion/regencytorviscas.com
- Discovered: 2025-05-11 03:38:48.104232
- Published: 2025-05-11 03:37:40.289193
Information
- Access to full customer reservation databases, including names, phone numbers, emails, addresses, and booking dates
- Recovery of scanned ID documents such as passports and national IDs
- Extraction of internal emails accessed via OWA (Outlook Web Access)
- Compromise of employee and customer email lists
- Leakage of RDP credential files containing usernames and passwords
Disclaimer: This post is based on public claims made by the ransomware group "stormous". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.