Home All Victims Cheval Blanc Randheli

Cheval Blanc Randheli

aurora

This record tracks a ransomware attack claimed by the aurora group against Cheval Blanc Randheli. It collects the publicly disclosed attack details — sector, location and timeline — as published on the operator's leak site and indexed by Breach House.

Window Zero

EXPOSURE GAP

Window Zero is the time the breach stayed in the open before anyone said so — the gap between when the attack was first discovered on the operator's leak site (t1) and when it was publicly disclosed (t2). The wider this window, the longer victims, staff and customers were exposed with no warning.

-42days
t1 · Published t2 · Disclosed
Apr 22, 2026Mar 11, 2026
Country
Maldives
Business Category
Hospitality / Food & Beverage / Tourism
Employees
+1000
Discovered
2026-04-29
Published
April 22, 2026
Disclosed / Notified
Mar 11, 2026
Victim ID
KQVCDEMsWm70

Attack Summary

[lvmh] Guest Passport Scans — 75,855 Files, 10 Years The single largest data category: 75,855 passport scan images spanning January 2015 through October 2024, organised in daily folders within monthly and yearly directories. These represent an estimated 20,000–30,000 unique guests. Each scan contains the full passport bio page: photo, full name, date of birth, nationality, passport number, machine-readable zone (MRZ), and signature. Among the exposed passports: Qatar Royal Family members — 9 passport scans including Muhammad Mesned S M Al-Misned, Abdulla, Khalifa, Lolwa, Nasser, Alanoud, Bessy, and Mesned UAE VIP and government officials — including H.E. Ahmed Saif Ali Aldhabea Aldarmaki, H.E. Matar Suhail Ali Alyabhouni Aldhaheri, and members of an April 2024 private buyout group who arrived on private jets (tail numbers A6AUH, A6DAH) LVMH head-office executives — 7 passport/profile photos including named senior staff from Paris Guest PMS Data — 30,000–50,000 Profiles Opera PMS exports containing full names, home addresses (street-level), nationalities, VIP classification levels (A/B/C/G), partial credit card data (last-4 digits + expiry + card type), deposit amounts, booking confirmation numbers, stay histories, travel agent details, flight numbers, and guest preferences. Employee Records — 1,000–2,000 Individuals Ten years of salary records (2017–2026), medical insurance claims organised by department, ~200 ECARD ID photos, vacation/leave records, Key Management Personnel (KMP) compensation details, and biometric enrollment data from the Gladis facility-access system. Credentials and Infrastructure BitLocker recovery key — full disk-encryption key for the Windows server volume Passwords.docx — plaintext system password store covering revenue, PMS, and operational systems Extranet passwords — booking-portal and vendor credentials 3CX VoIP backup — SIP credentials, extension configurations, call routing rules Biometric templates (Gladis enrollment) — non-rotateable fingerprint/facial data Corporate-Sensitive Documents Management Contract of Cheval Blanc Randheli — the LVMH–property owner agreement containing fee structures, performance benchmarks, and brand license terms Board investment recommendation for Velidhoo — a potential new property with capital allocation and return projections 10 years of budgets and revenue forecasts Audited subsidiary financial statements (I&T / Sitax entities) White Book — the property's operational standards manual (proprietary LVMH brand IP) Building Management System data — HVAC, power, desalination, and lighting control files for island infrastructure

Leak Screenshots

SAMPLE

Proof-of-breach screenshots the operator posted from the stolen data. Previews are redacted and locked — the originals are available on HaveIBeenRansom.

file_tree.png
finance_2024.xlsx
passport_scan.jpg
contract_signed.pdf
Sign in or explore HaveIBeenRansom to view the full leak gallery.
View leak gallery →

Dark Web Exposure

Findings for chevalblanc.com — indexed by HaveIBeenRansom.
9
found in Infostealer logs
272+
found in Traditional breaches
59+
found in Ransomware leaks
Apollo.io DB 816millions.rar
Database World ROC · breach
••• emails
Universal Companies
play · ransomware
••• emails
linkedIN_2.7z.001
Database World ROC · breach
••• emails
pureincubation-com.7z.001
Database World ROC · breach
••• emails
Televerde
play · ransomware
••• emails
@BreachedData1 LinkedIn 2021-23 Cleaned.7z.001
Database World ROC · breach
••• emails
colisprive.fr.rar
Database World ROC · breach
••• emails
contacts_120.csv
Database World ROC · breach
••• emails
+ 17 more leak sources locked
Leak volumes are locked
Sign in to reveal how many records each source exposed and the remaining 20 sources.
Want the complete picture — passwords, machines, full leak files? It's all searchable on HaveIBeenRansom.
Search this victim →
Visit Website Original Post View Group: aurora
Legal Disclaimer: This ransomware victim record reflects information published on the operator's leak site. Breach.house does not acquire, download, host, access or redistribute unlawfully obtained data. It indexes only publicly visible information posted by ransomware, breach and infostealer operators and open web sources, without accessing the underlying stolen content. The service supports public awareness, legitimate research and cyber-resilience.