The Marriott hotel chain has been hit by another data breach

1 min


156
95 shares, 156 points

The Marriott International hotel chain has confirmed that it has been hit by yet another data breach that exposed staff and customer information in another unfortunate security incident for a company that was affected by a number of major hacks in recent years.

In the latest incident, first reported by DataBreaches.net, hackers are reported to have stolen around 20GB of data, including confidential business documents and customer payment information, from the BWI Airport Marriott in Baltimore, Maryland. Redacted sample documents published by DataBreaches appear to show credit card authorization forms, which would give an attacker all of the details needed to make fraudulent purchases with a victim’s card.

Melissa Froehlich Flood, a spokesperson for the Marriott, told The Verge that the company was “aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer.” Before going public with the hack, the threat actor had tried to extort the hotel chain but no money was paid, Froehlich Flood said.

The threat actor did not gain access to Marriott’s core network and accessed information that “primarily contained non-sensitive internal business files,” the spokesperson said. But, nonetheless, Marriott is preparing to notify between 300 and 400 individuals about the data breach. Law enforcement agencies have also been notified, she said.

Based on current reports, the latest incident is far less severe than previous hacks that have targeted the hotel chain. In 2018, Marriott revealed that it had been hit by an enormous database breach that affected up to 500 million guests of the Starwood hotel network, which was acquired by Marriott in 2016. Two years later, another data breach in 2020 exposed the personal information of 5.2 million guests.

“As this latest data breach demonstrates, organizations that are victims of previous attacks are more likely to be targeted in the future,” said Jack Chapman, VP of threat intelligence at cloud security provider Egress. “Social engineering is a highly effective tool and cybercriminals know that an organization’s people are its biggest vulnerability – which is why they return to this technique again and again.”

Source: The Verge


Like it? Share with your friends!

156
95 shares, 156 points

What's Your Reaction?

Cute Cute
10
Cute
Fun Fun
2
Fun
Hate Hate
24
Hate
Confused Confused
13
Confused
Fail Fail
5
Fail
Geeky Geeky
26
Geeky
Love Love
18
Love
OMG OMG
13
OMG
Choose A Format
Personality quiz
Series of questions that intends to reveal something about the personality
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Poll
Voting to make decisions or determine opinions
Story
Formatted Text with Embeds and Visuals
List
The Classic Internet Listicles
Countdown
The Classic Internet Countdowns
Open List
Submit your own item and vote up for the best submission
Ranked List
Upvote or downvote to decide the best list item
Meme
Upload your own images to make custom memes
Video
Youtube, Vimeo or Vine Embeds
Audio
Soundcloud or Mixcloud Embeds
Image
Photo or GIF
Gif
GIF format