Marriott Hotels suffers fresh data breach, 20GB of information leaked

Marriott Hotels suffers fresh data breach, 20GB of information leaked

July 6, 2022 0 By By Matthew Gooding

International hotel chain Marriott has suffered a fresh data breach, with cybercriminals claiming to have stolen 20 gigabytes of information including personal and credit card details of guests.

Marriott Hotels has suffered a fresh data breach. (Photo by Tomsmith585/iStock)

The breach is thought to have occurred when an unnamed hacking group managed to trick an employee at one of Marriott’s hotels, the BWI Airport Marriott in Baltimore, to allow them access to the company’s systems in a social engineering attack.

According to DataBreaches, which first reported the attack, the hackers have documents detailing names and other details of guests, as well as credit card information used to make bookings.

Marriott owns and operates more than 8,000 properties around the world. The company confirmed the breach to DataBreaches, but said the information stolen was mostly “non-sensitive business files”. It says it has informed between 300-400 affected parties, as well as relevant data protection watchdogs and law enforcement agencies.

The hackers have reportedly demanded a ransom to release the information back to Marriott, but it is thought the company has not yet paid up.

This is not the first time Marriott has suffered a significant data breach. In 2020 it was fined ?18.4m by the UK’s Information Commissioner’s Office for a data breach that impacted up to 339m customers. The ICO had initially threatened to fine the company up to ?99m.

This breach started when the Starwood Hotels group suffered a cyberattack in 2014. Starwood which was acquired by Marriott two years later, and the breach went undetected until 2018. The ICO said client names, addresses and passport information were vulnerable. This attack was linked to Chinese state-backed hackers, an allegation which was denied by Beijing.

Two years ago, Marriott saw data on 5.2m customers stolen. The breach, which occurred in January 2020 and was discovered two months later, is thought to have started when criminals gained access to login information from two members of staff at a Marriott hotel operated as a franchise.

Social engineering has been on the rise since the Covid-19 pandemic, with staff working remotely often vulnerable to attacks by criminals who contact them by phone or email purporting to be from their employer. This technique was used successfully by the Lapsus$ hacking gang to gain access to some of the biggest names in tech during its crime spree earlier this year.

Data, insights and analysis delivered to you

By The Tech Monitor team
Sign up to our newsletters

Read more: Data breaches are falling… except in Russia

Topics in this article: data breach

You can read the original article here —> [ Read More ]

New reasons to get excited everyday.

Get the latest tech news delivered right in your mailbox

5 Reasons Why You Should Try Online Horse Race Betting

In many places around the world, horse races are an attraction that a lot of people love to watch. With the fast-paced action and thrill that each game provides, it is no longer surprising to know that millions of fans have grown fond of it.

NordLayer — more than a business VPN

Cybersecurity threats have become vast and more sophisticated. The rate of malware attacks and malicious activity counts within seconds despite the size or sector the organization belongs to — no one is safe enough to expect that foe actors will bypass vital company resources.

close

Don't miss a beat!!

We’d love to keep you updated with the latest tech news from across the internet!

Don't worry, we don’t spam!