Aman Data Breach Exposes VIP Status and Personal Details of 215,000 Guests

Ultra-luxury hotel brand Aman has suffered a massive data breach, exposing the highly sensitive personal information of over 215,000 guests. The notorious hacking group ShinyHunters claimed responsibility for the cyberattack in April 2026, executing a "pay or leak" extortion campaign that has now resulted in the public release of the stolen data. The compromised database was officially added to the Have I Been Pwned (HIBP) tracking platform on May 1, 2026.

The leaked data was allegedly extracted directly from the Salesforce CRM used by the hotel chain. While not every record contains the exact same level of detail, the leaked files include a staggering amount of personally identifiable information. Exposed data points include 215.6 thousand unique email addresses, physical addresses, phone numbers, dates of birth, genders, and nationalities.

Most alarmingly for a luxury hospitality brand, the leak also exposes spouse names and internal VIP status codes. This specific combination of high-net-worth indicators and family details creates a highly dangerous scenario for targeted individuals, leaving them vulnerable to sophisticated social engineering attacks.

If your information was caught in this breach, you must take immediate defensive action to secure your digital identity. The inclusion of physical addresses and spouse names makes secondary attacks highly likely.

• Change Passwords: Immediately change the password on any account where you used the same credentials associated with your Aman booking.
• Enable 2FA: Wherever supported, add an extra layer of security to your accounts by enabling Two-Factor Authentication.
• Use a Password Manager: Utilize a dedicated password manager, such as 1Password, to generate and store strong, unique passwords for all your online profiles.
• Beware of Phishing: Remain highly vigilant against targeted emails or phone calls referencing your VIP status, recent stays, or spouse's name, as attackers will use these details to build trust.

This breach highlights a growing trend of cybercriminals targeting the CRM systems of luxury brands rather than traditional payment gateways. By extracting data directly from a Salesforce CRM environment, ShinyHunters bypassed heavily encrypted financial systems to steal something arguably more valuable for long-term exploitation: detailed profiles of high-net-worth individuals.

The inclusion of VIP status codes and spouse names provides threat actors with the exact blueprint needed to launch devastatingly personalized spear-phishing campaigns. For ultra-luxury brands like Aman, where privacy and exclusivity are core products, a breach of this nature causes severe reputational damage that extends far beyond a standard email leak.