DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

AMI Group – Travel & Tours notice of ransomware attack

Posted on June 9, 2025 by Dissent

The following notice was posted June 3 on Facebook.ย  As of publication, there is no notice on their website, and although AMI indicates that APT73 is responsible for the attack, there is nothing on Bashe’s leak site or any other leak site.ย 

๐Ÿšจ ๐—จ๐—ฅ๐—š๐—˜๐—ก๐—ง ๐—ฃ๐—จ๐—•๐—Ÿ๐—œ๐—– ๐—ก๐—ข๐—ง๐—œ๐—–๐—˜ โ€“ ๐—–๐—ฌ๐—•๐—˜๐—ฅ๐—ฆ๐—˜๐—–๐—จ๐—ฅ๐—œ๐—ง๐—ฌ ๐—”๐—Ÿ๐—˜๐—ฅ๐—ง ๐Ÿšจ
๐—ง๐—ผ ๐—ผ๐˜‚๐—ฟ ๐˜ƒ๐—ฎ๐—น๐˜‚๐—ฒ๐—ฑ ๐—ฐ๐—น๐—ถ๐—ฒ๐—ป๐˜๐˜€, ๐—ฝ๐—ฎ๐—ฟ๐˜๐—ป๐—ฒ๐—ฟ๐˜€, ๐˜€๐˜๐—ฎ๐—ธ๐—ฒ๐—ต๐—ผ๐—น๐—ฑ๐—ฒ๐—ฟ๐˜€, ๐—ฎ๐—ป๐—ฑ ๐˜๐—ต๐—ฒ ๐—ถ๐—ป๐˜๐—ฒ๐—ฟ๐—ป๐—ฎ๐˜๐—ถ๐—ผ๐—ป๐—ฎ๐—น ๐—ฝ๐˜‚๐—ฏ๐—น๐—ถ๐—ฐ:
It is our corporate responsibility to inform you that ๐—”๐— ๐—œ ๐—š๐—ฟ๐—ผ๐˜‚๐—ฝ ๐—ผ๐—ณ ๐—–๐—ผ๐—บ๐—ฝ๐—ฎ๐—ป๐—ถ๐—ฒ๐˜€ has been identified as a target of a sophisticated ๐—ฟ๐—ฎ๐—ป๐˜€๐—ผ๐—บ๐˜„๐—ฎ๐—ฟ๐—ฒ ๐—ฐ๐˜†๐—ฏ๐—ฒ๐—ฟ๐—ฎ๐˜๐˜๐—ฎ๐—ฐ๐—ธ orchestrated by a known international threat group (๐—”๐—ฃ๐—ง๐Ÿณ๐Ÿฏ).
This was not a minor breach. This is a high-level cyber threat and this incident was officially brought to our attention by the ๐—จ๐—ป๐—ถ๐˜๐—ฒ๐—ฑ ๐—ฆ๐˜๐—ฎ๐˜๐—ฒ๐˜€ ๐—™๐—ฒ๐—ฑ๐—ฒ๐—ฟ๐—ฎ๐—น ๐—•๐˜‚๐—ฟ๐—ฒ๐—ฎ๐˜‚ ๐—ผ๐—ณ ๐—œ๐—ป๐˜ƒ๐—ฒ๐˜€๐˜๐—ถ๐—ด๐—ฎ๐˜๐—ถ๐—ผ๐—ป (๐—™๐—•๐—œ), ๐—–๐˜†๐—ฏ๐—ฒ๐—ฟ ๐—ง๐—ฎ๐˜€๐—ธ ๐—™๐—ผ๐—ฟ๐—ฐ๐—ฒ โ€“ ๐—ฃ๐—ต๐—ถ๐—น๐—ฎ๐—ฑ๐—ฒ๐—น๐—ฝ๐—ต๐—ถ๐—ฎ ๐—™๐—ถ๐—ฒ๐—น๐—ฑ ๐—ข๐—ณ๐—ณ๐—ถ๐—ฐ๐—ฒ, who made direct contact with us this morning. The ๐—™๐—•๐—œ has confirmed that our company was listed on a ransomware groupโ€™s threat site, leading them to formally recognize ๐—”๐— ๐—œ ๐—š๐—ฟ๐—ผ๐˜‚๐—ฝ ๐—ผ๐—ณ ๐—–๐—ผ๐—บ๐—ฝ๐—ฎ๐—ป๐—ถ๐—ฒ๐˜€ as a victim of a high-level cyber incident.
๐Ÿ” ๐—œ๐—บ๐—ฝ๐—ผ๐—ฟ๐˜๐—ฎ๐—ป๐˜ ๐—™๐—ฎ๐—ฐ๐˜๐˜€ ๐—ฌ๐—ผ๐˜‚ ๐—ฆ๐—ต๐—ผ๐˜‚๐—น๐—ฑ ๐—ž๐—ป๐—ผ๐˜„:
โœ…No ransom has been demanded or paid as of this notice.
โœ…The incident exclusively affects our upcoming digital platforms, including newly launched websites, systems, and servers, scheduled to go live on ๐—๐˜‚๐—น๐˜† ๐Ÿญ๐˜€๐˜, ๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿฑ.
โœ…Our current and existing platforms, portals, and client systems remain fully operational, unaffected, and secure.
โœ…All AMI Group of Companies servers and data infrastructure are based in the United States, secured under stringent data protection protocols.
โœ…All core business services remain uninterrupted across all divisions and regions.
๐Ÿ’ก ๐—ช๐—ต๐˜† ๐—ช๐—ฎ๐˜€ ๐—”๐— ๐—œ ๐—š๐—ฟ๐—ผ๐˜‚๐—ฝ ๐—ผ๐—ณ ๐—–๐—ผ๐—บ๐—ฝ๐—ฎ๐—ป๐—ถ๐—ฒ๐˜€ ๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜๐—ฒ๐—ฑ?
As one of the fastest-growing multinational conglomerates in the worldโ€”operating across Financial Services, Engineering, Travel, Education, Immigration, Property, Staffing, and AIโ€”our global digital presence makes us a prime target for highly coordinated cyber threats.
The FBI’s immediate involvement speaks volumes of the scale, influence, and operational depth of ๐—”๐— ๐—œ ๐—š๐—ฟ๐—ผ๐˜‚๐—ฝ ๐—ผ๐—ณ ๐—–๐—ผ๐—บ๐—ฝ๐—ฎ๐—ป๐—ถ๐—ฒ๐˜€ . In collaboration with our internal ๐—œ๐—ป๐—ณ๐—ผ๐—ฟ๐—บ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐—ง๐—ฒ๐—ฐ๐—ต๐—ป๐—ผ๐—น๐—ผ๐—ด๐˜† ๐—ฎ๐—ป๐—ฑ ๐—”๐—ฟ๐—ฐ๐—ต๐—ถ๐˜๐—ฒ๐—ฐ๐˜๐˜‚๐—ฟ๐—ฒ (๐—œ๐—ง๐—”) ๐——๐—ถ๐˜ƒ๐—ถ๐˜€๐—ถ๐—ผ๐—ป, the FBI has already begun issuing expert directives to strengthen our cyber posture and assist in the investigation.
๐Ÿ“ข ๐—” ๐—–๐—ฟ๐—ถ๐˜๐—ถ๐—ฐ๐—ฎ๐—น ๐——๐—ถ๐˜€๐˜๐—ถ๐—ป๐—ฐ๐˜๐—ถ๐—ผ๐—ป:
This cybersecurity event does not affect our live operations, and none of our current clients, partners, or platforms have experienced disruption or data loss. The incident targets only the systems scheduled for public rollout in July, which remain isolated from existing infrastructure.
๐Ÿ“ต Due to the severity of the threat and the sensitive nature of the ongoing investigation, we are unable to disclose full technical details at this time. However, rest assured that we are taking every measure in alignment with both federal guidance and internal cyber defense protocols to contain and eliminate the threat.
๐Ÿ’ฌ ๐—” ๐—™๐—ถ๐—ป๐—ฎ๐—น ๐—ช๐—ผ๐—ฟ๐—ฑ ๐˜๐—ผ ๐—ข๐˜‚๐—ฟ ๐—–๐—น๐—ถ๐—ฒ๐—ป๐˜๐˜€ ๐—ฎ๐—ป๐—ฑ ๐˜๐—ต๐—ฒ ๐—ฃ๐˜‚๐—ฏ๐—น๐—ถ๐—ฐ:
Cybersecurity is the backbone of trust in this digital age. Though this was an attempted breach of our upcoming systems, our response is immediate, coordinated, and reinforced with the backing of federal authorities.
We deeply appreciate your trust, and we are committed to keeping you informed as the situation evolves.
โ€” ๐—ง๐—ต๐—ฒ ๐—˜๐˜…๐—ฒ๐—ฐ๐˜‚๐˜๐—ถ๐˜ƒ๐—ฒ ๐— ๐—ฎ๐—ป๐—ฎ๐—ด๐—ฒ๐—บ๐—ฒ๐—ป๐˜
AMI Group of Companies โ€“ Global Headquarters
๐Ÿ“New York, USA | ๐ŸŒ www.amigroups.com
May be a graphic of text that says 'mmi UPDATE hellopeter 5000000 60 Trustindex.... sitejabber TrustSpot 50 Google'
Category: Business SectorMalware

Post navigation

โ† Resource: Insider Threat reports

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • AMI Group – Travel & Tours notice of ransomware attack
  • Resource: Insider Threat reports
  • Za: Cyber extortionist sentenced to eight years in jail
  • ICE takes steps to deport the Australian hacker known as “DR32”
  • Hearing on the Federal Government and AI
  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Decision That Murdered Privacy
  • Hearing on the Federal Government and AI
  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
ยฉ 2009 โ€“ 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.