Ransomware Group: STORMOUS

VICTIM NAME: www[.]jparkislandresort[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the STORMOUS Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page associated with the victim, a hospitality and tourism establishment based in the Philippines, reveals a significant data breach that occurred on May 15, 2025. The compromised data set includes approximately 14 gigabytes of sensitive information, notably full reservation databases, booking platform references, and payment details. The exposed information encompasses credit card numbers, expiration dates, CVV codes, physical card scans, billing addresses, and customer personal details. Additionally, internal communication logs, guest registration forms with signatures, and transaction history reports are also included, indicating a severe breach of customer privacy and financial security.

The incident was discovered shortly after the breach date. Notably, the leak exposes unencrypted customer booking details on platforms such as HeyTripGo, allowing unauthorized access to sensitive financial and personal data. The leak also contains references to booking exchanges with other platforms such as Agoda, as well as internal reports and partner invoice logs, which could be used for further malicious activities. A screenshot linked to the leak shows internal documentation, emphasizing the scale and depth of the data exposure. No personally identifiable information (PII) or proprietary company details are disclosed publicly beyond what is listed in the compromised data, but the breach underscores vulnerabilities in the resort’s data security measures.