Security Experts:

Connect with us

Hi, what are you looking for?


Endpoint Security

Marriott Confirms Small-Scale Data Breach

International hotel chain Marriott has confirmed that an unknown threat actor has accessed data on a computer at one of its hotels.

International hotel chain Marriott has confirmed that an unknown threat actor has accessed data on a computer at one of its hotels.

“Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer. The threat actor did not gain access to Marriott’s core network,” a Marriott spokesperson told SecurityWeek.

The attackers, a group of hackers active for roughly five years, claim to have stolen 20 gigabytes of files from a server belonging to BWI Airport Marriott in Maryland (BWIA), Databreaches reported.

“The incident was contained to a short period of time. Marriott identified and was investigating the incident before the threat actor contacted the company in an extortion attempt, which Marriott did not pay,” the spokesperson said.

The spokesperson also said that the attackers were able to access non-sensitive internal business files that were related to the operation of the property, but the attackers told Databreaches that personal information of hotel guests and personnel was also accessed, including names, flight numbers, and more.

The associate appears to have had access to guest reservations and credit card information and to have been in the possession of at least one human resources-related file, containing a personnel assessment of an event supervisor.

“The company is preparing to notify 300-400 individuals regarding the incident,” Marriott’s spokesperson told SecurityWeek, without offering further details on the impacted individuals.

Over the past decade, Marriott has been the victim of several cyber incidents, including a Starwood data breach disclosed in 2018 and a March 2020 incident that impacted 5.2 million guests. In 2019, the company disclosed impact from a data breach at one of its vendors.

Related: Britain Fines US Hotel Chain Marriott Over Data Breach

Related: Data Breach Cost Marriott $28 Million So Far

Related: FTC Takes Action Against CafePress Over Massive Data Breach, Cover-Up

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...