Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Marriott Confirms Small-Scale Data Breach

International hotel chain Marriott has confirmed that an unknown threat actor has accessed data on a computer at one of its hotels.

International hotel chain Marriott has confirmed that an unknown threat actor has accessed data on a computer at one of its hotels.

“Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer. The threat actor did not gain access to Marriott’s core network,” a Marriott spokesperson told SecurityWeek.

The attackers, a group of hackers active for roughly five years, claim to have stolen 20 gigabytes of files from a server belonging to BWI Airport Marriott in Maryland (BWIA), Databreaches reported.

“The incident was contained to a short period of time. Marriott identified and was investigating the incident before the threat actor contacted the company in an extortion attempt, which Marriott did not pay,” the spokesperson said.

The spokesperson also said that the attackers were able to access non-sensitive internal business files that were related to the operation of the property, but the attackers told Databreaches that personal information of hotel guests and personnel was also accessed, including names, flight numbers, and more.

The associate appears to have had access to guest reservations and credit card information and to have been in the possession of at least one human resources-related file, containing a personnel assessment of an event supervisor.

“The company is preparing to notify 300-400 individuals regarding the incident,” Marriott’s spokesperson told SecurityWeek, without offering further details on the impacted individuals.

Over the past decade, Marriott has been the victim of several cyber incidents, including a Starwood data breach disclosed in 2018 and a March 2020 incident that impacted 5.2 million guests. In 2019, the company disclosed impact from a data breach at one of its vendors.

Related: Britain Fines US Hotel Chain Marriott Over Data Breach

Related: Data Breach Cost Marriott $28 Million So Far

Related: FTC Takes Action Against CafePress Over Massive Data Breach, Cover-Up

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.

Cybercrime

Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...

Funding/M&A

Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.