top of page

7/15/25 8:30am Good Morning, I want to provide a quick update on where we stand with system recovery. As always, if you have any questions or would like more detailed information, please don’t hesitate to reach out — we're happy to talk with you. Please share with your team as appropriate. Current Recovery Status 1.Core Servers Restored: The core servers are fully recovered and running. The system is only accessible directly on the server, it’s unavailable to users why we rebuild the software, system structure, etc. 2.Data Catch-Up in Progress: The system is actively downloading and processing daily files submitted during the downtime. To expedite this process, we have temporarily paused Journal Entry production. 3.Application Reinstalls Underway: All applications are being reinstalled to ensure the most current versions are in place. 4.System Architecture Rebuild: We’re rebuilding the parts of the system that manage user access and distribute workloads across multiple servers. 5.Security Enhancements: We are reviewing all possible points of exposure and implementing stronger safeguards where needed. 6.Password Reset Required: Upon first login after the system is restored, all users will be required to reset their password. 7.User Review in Progress: You may receive an email asking you to confirm whether certain user accounts are still active. We’re cleaning up outdated logins as part of our security update. ________________________________________ So, When Will You Be Back In? We’re targeting Monday July 21 for full system restoration. If we can bring it online sooner, we will. Once the system is live, here’s what you can expect: 1.Daily Files Preloaded: We will have already uploaded all PMS and POS files on your behalf. 2.Journal Entries Posted: We’ll also identify and post any missing Journal Entries. 3.Out-of-Balance Alerts: If any day is out of balance, the system will flag it for your attention. 4.HLO Scheduling: We’re working on a plan to automatically roll HLO schedules forward to account for the skipped week. 5.Forecasting Access: We're currently reviewing the best approach for reactivating Financial Planning (Forecast) tools and steps. ________________________________________ Thank you again for your patience and support. Our team is moving as fast as possible — with a clear focus on safety and stability — to get you back to business. Best regards, Jim Jim DiMartino Executive Vice President Please Support www.enditmovement.com

7/14/25 11:45am Good Afternoon, Before we provide an update on our system recovery efforts, we want to be transparent about the exposure and legal matters related to the recent security breach. Please take a moment and review this. 1. Contact with Hackers The individuals behind the breach have contacted us, demanding payment in exchange for releasing their encryption on our servers. However, since our recovery efforts are progressing well without their assistance, we are not inclined to negotiate or pay them for decryption. They are also threatening to: •Publicly disclose data taken from our systems, and/or •Notify you directly that they have breached CIA Software. Their claim of possessing data is being treated seriously, but it’s important to understand the following: 2. Nature of the Data and Risk of Exposure •No sensitive financial or personal data is stored in our system. CIA Software does not store PCI data, Social Security Numbers, credit card details, bank account information, or other personal financial records. •We cannot verify exactly what, if any, data they have. •Our system stores aggregated operational data, such as: oTotal Amex payments received on a given day (but not individual transactions) oTotal payroll amounts for a department (but not amounts paid to individual employees) •Our data structure is complex, involving many interlinked tables. It would require a deep understanding of our database schema to associate any data with a specific hotel. 3. Law Enforcement Involvement We have reported the incident to both the Department of Homeland Security and the FBI, and official investigations are underway. The FBI has advised: “The FBI does not support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.” FBI Ransomware Guidance Given this advice, the nature of the data involved, and our current recovery progress, we do not believe it is prudent to engage with or compensate the attackers. We will continue cooperating with the FBI in their efforts to identify those responsible. 4. Additional Exposure – Email Addresses Our system does store user email addresses. As a precaution, please be extra vigilant when receiving any unexpected or suspicious emails, especially from someone claiming to be from CIA Software. We can share a screenshot of an email received from the attackers. If you are contacted by Jerome Patison or anyone else claiming to have your data, please forward it to us so we can provide it to the FBI. If you have concerns or would like to discuss what data might have been exposed, we are more than willing to schedule a call with you. Ultimately, we understand this is your data and believe you deserve to be included in any discussions about how we respond to the hackers’ threats. A separate update on our system recovery will follow shortly. It will include required password updates. Thank you, Jim Jim DiMartino Executive Vice President Please Support www.enditmovement.com

7/11/25  10:50am

Subject: System Breach – Recovery Update

 

Good Morning,

 

I want to provide you with a brief update on where things stand regarding our efforts to restore the system. My goal is to keep you informed and answer any questions you may have—without overwhelming you with technical details that our team is actively managing.

 

Please don’t hesitate to reach out if you have questions or need additional information.

 

Current Status and Key Points:

 

  1. Incident Reporting
    The breach has been reported to both the Department of Homeland Security (DHS) Cybersecurity & Infrastructure Security Agency (CISA) and the FBI. While we’ve received case numbers, there has been no further communication from either agency at this time.

 

  1. Cybersecurity Support
    We’ve engaged a cybersecurity firm to support our recovery. Initial conversations have been productive, and we’re confident they will offer valuable insight and guidance. We’re also hopeful they may assist in decrypting the affected systems.

 

  1. Time of Incident
    We’ve identified the time of the breach as approximately 5:00 AM on July 10. The method of entry is still unknown. As we proceed with recovery, we are actively reviewing all possible access points and will be implementing additional security measures.

 

  1. Backup Availability
    Fortunately, our core systems are backed up weekly, with the last backup completed on Sunday, July 7. This backup, stored on S3-compatible cloud storage, is unencrypted and includes all data, programs, and environment configurations.

 

  1. Server Restoration Process
    We are rebuilding each server in an isolated environment, using new virtual machines. We’re restoring from the July 7 backup, scanning with an advanced cybersecurity application, and conducting baseline testing before bringing systems online.

 

  1. Redundant Server Rebuild
    Once the core servers are restored, we will rebuild the redundant servers used for performance support. These will be re-synced and monitored in a test environment to ensure stability.

 

  1. Recovery Timeline
    Our goal is to have full recovery completed by the end of next week. All available resources are dedicated to this effort.

 

  1. Data Recovery Options
    We are still determining whether the system can recover the data between the breach and restoration.

 

  • If successful, the system will automatically reconcile the missing data, which may take up to 24 hours.

 

  • If not, we’ll rely on the July 7 backup, and properties will need to resubmit PMS/POS files for July 7, 8, and 9. We are developing the simplest and most efficient process for this, should it become necessary.

 

We deeply appreciate your patience and support as we work to restore normal operations. We understand how disruptive this has been and are proceeding with urgency and care to resolve it thoroughly and securely.

 

In Monday’s update, I will share more about the preventive measures being put in place to avoid future incidents, as well as further details on the recovery progress.

 

Thank you again for your understanding.

 

Jim

 

Jim DiMartino

Executive Vice President

 

 Please Support 
 www.enditmovement.com

Sign up to reserve your spot in the next available group.

  • Facebook
  • Twitter
  • Instagram
  • LinkedIn

©  CIA Solutions. | All Rights Reserved. 

WORTH logo
Blue Smoke

WORTH adds Hotel-Industry Specific

Reporting to your accounting solution.

 

  • Youtube
  • LinkedIn
  • Facebook
  • X
bottom of page