{
	"id": "8acfd5de-4ae0-43fa-85d5-b046a60b4bbd",
	"created_at": "2026-04-11T02:23:30.585567Z",
	"updated_at": "2026-04-11T02:24:15.483447Z",
	"deleted_at": null,
	"sha1_hash": "16b12ee14e139216808ea84c2a0b604667ac32e7",
	"title": "Desorden Group expands attack on Central Group after deal to pay them allegedly fell through - DataBreaches.Net",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 34639,
	"plain_text": "Desorden Group expands attack on Central Group after deal to\r\npay them allegedly fell through - DataBreaches.Net\r\nPublished: 2021-10-27 · Archived: 2026-04-11 02:10:07 UTC\r\nYesterday, this site reported that Desorden Group hit Central Restaurants Group (CRG) in Thailand. A Desorden\r\nspokesperson had told this site that there would be more details to be revealed, and now there are.\r\nIt appears that Centara Hotel Group is part of the Central Group that had been breached.  Centara has now issued a\r\nstatement on their site confirming that there has been a breach and what they did after first becoming aware on\r\nOctober 14 of a problem.  CRG has also issued a statement (in Thai) on its site that attempts to reassure people\r\nthat no credit card or financial information was stolen.\r\nDesorden Group responded to some of Centara’s statements in an email to DataBreaches.net.\r\n“In the announcement,” Desorden writes, “they managed (sic) that they have engaged a reputable consultant to\r\ndeploy investigation immediately after we notified them. We notified them. The management tried to recover their\r\ndata and started negotiation with us on 16th October 2021. On 17th Oct, they managed to recover part of the\r\nsystem and asked for proof that we breached them. The same day, within 10 minutes, we breached the exact same\r\nnetwork of 5 servers and compromise it to show them that we have immediate access to their servers again.\r\nReputable consultant, we will leave it for the public to think about it.”\r\nDesorden also disputes Centara’s claim that the breach impacted “a limited section of our network, with the\r\ngeneral personal data of some of our customers.”\r\n“We basically brought down their entire backend, which consists of 5 servers,” Desorden responds. “In total, over\r\n400 GB of files and data was stolen over a course of 10 days.”\r\nDesorden claims that the exfiltrated data includes millions of customers from many countries:\r\n“Basically, anyone who have ever stayed at any of their 70 luxury hotels between 2003 to 2021 has been\r\ncompromised and we mean luxury first class hotel guests,” Desorden writes, adding:\r\n“In the chat, we have sent them proof of the data by exporting any dataset which they requested and they have\r\nverified the hotel guest leaks. Also, 400 GB of data included all financial data, corporate data, employee data, etc.\r\nBasically, we wiped their network of 5 servers in the heist.”\r\nAccording to Desorden, hotel guest data included name, passport number, id number, phone, email, (some had\r\naddress of residence), check-in/departure time, etc.\r\n“Many millions of them, even those who booked in advance until December 2021 are affected, “Desorden claims.\r\nDesorden informed DataBreaches.net that they have gone public with these details and additional attacks on\r\nCentral Group because after reaching a deal to reportedly pay Desorden $900,000.00 USD on October 26, Central\r\nhttps://www.databreaches.net/desorden-group-expands-attack-on-central-group-after-deal-to-pay-them-allegedly-fell-through/\r\nPage 1 of 2\n\nGroup management broke the agreement to pay. In addition to attacking Centara, Desorden then also attacked\r\nother (additional) Central Group companies and claims that they will be publishing the hotel data in a few days.\r\nA selection of files were provided to this site as proof of claims.\r\nDataBreaches.net reached out to both Central Restaurants Group and Centara Hotel to request a response to\r\nDesorden’s claims, but no responses have been received, possibly due to the late hour there.\r\nThis post will be updated if a reply is received.\r\nSource: https://www.databreaches.net/desorden-group-expands-attack-on-central-group-after-deal-to-pay-them-allegedly-fell-through/\r\nhttps://www.databreaches.net/desorden-group-expands-attack-on-central-group-after-deal-to-pay-them-allegedly-fell-through/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.databreaches.net/desorden-group-expands-attack-on-central-group-after-deal-to-pay-them-allegedly-fell-through/"
	],
	"report_names": [
		"desorden-group-expands-attack-on-central-group-after-deal-to-pay-them-allegedly-fell-through"
	],
	"threat_actors": [],
	"ts_created_at": 1775874210,
	"ts_updated_at": 1775874255,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/16b12ee14e139216808ea84c2a0b604667ac32e7.pdf",
		"text": "https://archive.orkl.eu/16b12ee14e139216808ea84c2a0b604667ac32e7.txt",
		"img": "https://archive.orkl.eu/16b12ee14e139216808ea84c2a0b604667ac32e7.jpg"
	}
}