International hotel chain Marriott has confirmed that an unknown threat actor has accessed data on a computer at one of its hotels.
“Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer. The threat actor did not gain access to Marriott’s core network,” a Marriott spokesperson told SecurityWeek.
The attackers, a group of hackers active for roughly five years, claim to have stolen 20 gigabytes of files from a server belonging to BWI Airport Marriott in Maryland (BWIA), Databreaches reported.
“The incident was contained to a short period of time. Marriott identified and was investigating the incident before the threat actor contacted the company in an extortion attempt, which Marriott did not pay,” the spokesperson said.
The spokesperson also said that the attackers were able to access non-sensitive internal business files that were related to the operation of the property, but the attackers told Databreaches that personal information of hotel guests and personnel was also accessed, including names, flight numbers, and more.
The associate appears to have had access to guest reservations and credit card information and to have been in the possession of at least one human resources-related file, containing a personnel assessment of an event supervisor.
“The company is preparing to notify 300-400 individuals regarding the incident,” Marriott’s spokesperson told SecurityWeek, without offering further details on the impacted individuals.
Over the past decade, Marriott has been the victim of several cyber incidents, including a Starwood data breach disclosed in 2018 and a March 2020 incident that impacted 5.2 million guests. In 2019, the company disclosed impact from a data breach at one of its vendors.
Related: Britain Fines US Hotel Chain Marriott Over Data Breach
Related: Data Breach Cost Marriott $28 Million So Far
Related: FTC Takes Action Against CafePress Over Massive Data Breach, Cover-Up
More from Ionut Arghire
- Malicious NPM, PyPI Packages Stealing User Information
- Boxx Insurance Raises $14.4 Million in Series B Funding
- Prilex PoS Malware Blocks NFC Transactions to Steal Credit Card Data
- 30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability
- Guardz Emerges From Stealth Mode With $10 Million in Funding
- Critical QNAP Vulnerability Leads to Code Injection
- GitHub Revokes Code Signing Certificates Following Cyberattack
- Vulnerabilities in OpenEMR Healthcare Software Expose Patient Data
Latest News
- Malicious NPM, PyPI Packages Stealing User Information
- VMware Confirms Exploit Code Released for Critical vRealize Logging Vulnerabilities
- 98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis
- Dutch, European Hospitals ‘Hit by Pro-Russian Hackers’
- Gem Security Gets $11 Million Seed Investment for Cloud Incident Response Platform
- Ransomware Leads to Nantucket Public Schools Shutdown
- Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing
- Boxx Insurance Raises $14.4 Million in Series B Funding
