20.6 C
New York
Wednesday, September 28, 2022

The Marriott hotel chain has been hit by another data breach

Hotel chain Marriott International has confirmed it has been hit by another data breach that exposed staff and guest information – an unfortunate security incident for a company that has been hit by a number of major hacks this past last years.

In the latest incident, first reported by DataBreaches.net, hackers allegedly stole approximately 20 GB of data, including confidential business documents and customer payment information, from the BWI Airport Marriott in Baltimore, Maryland. Examples of redacted documents posted by DataBreaches appear to show credit card authorization forms, which would give an attacker all the details needed to make fraudulent purchases with a victim’s card.

Marriott spokeswoman Melissa Froehlich Flood said The edge that the company was “aware of a threat actor who used social engineering to trick an associate of a single Marriott hotel into giving him access to the associate’s computer.” Before going public with the hack, the threatening actor had tried to extort the hotel chain but no money was paid, Froehlich Flood said.

The threat actor did not gain access to Marriott’s core network and accessed information that “mainly contains non-sensitive internal business files,” the spokesperson said. But, nevertheless, Marriott is preparing to notify between 300 and 400 people of the data breach. Law enforcement has also been notified, she said.

Based on current reports, the latest incident is far less serious than previous hacks that targeted the hotel chain. In 2018, Marriott disclosed that it had been hit by a massive database breach that affected up to 500 million guests of the Starwood hotel network, which Marriott acquired in 2016. Two years later, a another data breach in 2020 exposed the personal information of 5.2 million diners.

“As this latest data breach shows, organizations that suffered from previous attacks are more likely to be targeted in the future,” said Jack Chapman, vice president of threat intelligence at cloud security provider Egress. . “Social engineering is a very effective tool and cybercriminals know that an organization’s people are its greatest vulnerability – that’s why they come back to this technique again and again.”

Related Articles


Please enter your comment!
Please enter your name here

Stay Connected


Latest Articles