Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Marriott Confirms Small-Scale Data Breach

International hotel chain Marriott has confirmed that an unknown threat actor has accessed data on a computer at one of its hotels.

International hotel chain Marriott has confirmed that an unknown threat actor has accessed data on a computer at one of its hotels.

“Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer. The threat actor did not gain access to Marriott’s core network,” a Marriott spokesperson told SecurityWeek.

The attackers, a group of hackers active for roughly five years, claim to have stolen 20 gigabytes of files from a server belonging to BWI Airport Marriott in Maryland (BWIA), Databreaches reported.

“The incident was contained to a short period of time. Marriott identified and was investigating the incident before the threat actor contacted the company in an extortion attempt, which Marriott did not pay,” the spokesperson said.

The spokesperson also said that the attackers were able to access non-sensitive internal business files that were related to the operation of the property, but the attackers told Databreaches that personal information of hotel guests and personnel was also accessed, including names, flight numbers, and more.

The associate appears to have had access to guest reservations and credit card information and to have been in the possession of at least one human resources-related file, containing a personnel assessment of an event supervisor.

“The company is preparing to notify 300-400 individuals regarding the incident,” Marriott’s spokesperson told SecurityWeek, without offering further details on the impacted individuals.

Over the past decade, Marriott has been the victim of several cyber incidents, including a Starwood data breach disclosed in 2018 and a March 2020 incident that impacted 5.2 million guests. In 2019, the company disclosed impact from a data breach at one of its vendors.

Advertisement. Scroll to continue reading.

Related: Britain Fines US Hotel Chain Marriott Over Data Breach

Related: Data Breach Cost Marriott $28 Million So Far

Related: FTC Takes Action Against CafePress Over Massive Data Breach, Cover-Up

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.