International hotel chain Marriott has confirmed that an unknown threat actor has accessed data on a computer at one of its hotels.
“Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer. The threat actor did not gain access to Marriott’s core network,” a Marriott spokesperson told SecurityWeek.
The attackers, a group of hackers active for roughly five years, claim to have stolen 20 gigabytes of files from a server belonging to BWI Airport Marriott in Maryland (BWIA), Databreaches reported.
“The incident was contained to a short period of time. Marriott identified and was investigating the incident before the threat actor contacted the company in an extortion attempt, which Marriott did not pay,” the spokesperson said.
The spokesperson also said that the attackers were able to access non-sensitive internal business files that were related to the operation of the property, but the attackers told Databreaches that personal information of hotel guests and personnel was also accessed, including names, flight numbers, and more.
The associate appears to have had access to guest reservations and credit card information and to have been in the possession of at least one human resources-related file, containing a personnel assessment of an event supervisor.
“The company is preparing to notify 300-400 individuals regarding the incident,” Marriott’s spokesperson told SecurityWeek, without offering further details on the impacted individuals.
Over the past decade, Marriott has been the victim of several cyber incidents, including a Starwood data breach disclosed in 2018 and a March 2020 incident that impacted 5.2 million guests. In 2019, the company disclosed impact from a data breach at one of its vendors.