Important Security Update

Updated on 9 May 2025 (AEST)

On 24 March 2025, The Fullerton Hotel Sydney experienced a ransomware attack. As soon as the incident was detected, we immediately took steps to secure our IT systems and implement precautionary security measures. While there was some initial impact on hotel operations, all guest services and IT systems have now been restored.

We conducted a comprehensive investigation to assess the full scope of the incident. That investigation determined that an unauthorised person gained access to and exfiltrated:

- employee records of current and former employees of The Fullerton Hotel Sydney; and
- credit card details of a small number of hotel guests

from the hotel’s IT systems. The unauthorised person did not have access to the hotel’s main database of guest information. All affected individuals have been notified in writing. At this stage, it does not appear that any of the exfiltrated data has been published.

The incident affected the IT systems of The Fullerton Hotel Sydney only; the investigation has confirmed that Fullerton hotels in Singapore and Hong Kong were not affected by the incident.

We have reported the incident to the Office of the Australian Information Commissioner and the Australian Cyber Security Centre and shall fully cooperate with the authorities. We are committed to implementing a range of additional security measures to ensure it does not occur again. We want to reassure our valued guests that we are committed to protecting our guests’ personal information. We regret any distress or inconvenience this incident may have caused.
 

Click here for previous updates.