Attana Hotels (Villea Hotels) Hit by Payload Ransomware
Ransomware.live reported that Malaysian hospitality group Attana Hotels & Resorts (operating as Villea Hotels) was added to the Payload ransomware group's leak site. The group claims to have compromised the organization and published proof. No further details on exfiltrated data volume or specific records have been disclosed publicly.
- internal-data
Malaysian hospitality group Attana Hotels & Resorts, which operates under the name Villea Hotels, was added to the Payload ransomware group’s leak site on June 8, 2026. The group claims it compromised the company’s systems and published proof of the intrusion. While the exact number of people affected remains unknown, the incident involves internal data that could include guest records, employee information, and other personal details handled by the hotel chain.
Public reporting from Ransomware.live indicates that the ransomware operators listed Villea Hotels in Attana Hotels on their leak site and posted samples as evidence. No specific volume of stolen data or detailed list of exposed record types has been released. The breach falls into the category of ransomware incidents where criminals gain access, exfiltrate information, and then threaten to publish it unless a ransom is paid. As of now, the precise contents of the leaked internal data have not been independently verified by third parties.
Want the rest of this breakdown?
Sign up free to keep reading. Members get extended access, the weekly breach digest, and a complimentary Warden™ to see if their identity is exposed in the breaches we cover.
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →