Another data breach attack had hit a hotel chain Marriott International, losing over 20GB of company files to the unidentified threat actors. According to the reports, the hackers could breach only one of the Marriot hotel’s properties, the BWI Airport Marriott, and infiltrate its networks for approximately six hours.
As stated by the hotel chain’s representative, the threat actor had tricked one of its staff into giving them access to their computer using an effective social engineering tactic. The stolen data from Marriott hotel consisted of internal business documents and credit card information. It is still unclear whether the incident impacted the hotel chain’s guests and staff, but the firm said that around 300 to 400 individuals’ data were compromised.
Furthermore, the hotel chain also clarified that they had not paid the threat actors despite their attempts to extort money from them. They immediately alerted the FBI and a third-party cybersecurity firm to help them with the investigation.
Since 2018, Marriott hotel has reported three data breaches, including one in 2020 that exposed over 5.2 million of their guests to a data leak comprised of personal and contact details.
In November 2018, the hotel chain also confirmed suffering from a data breach in their Starwood Hotels guest reservation servers that holds hundreds of millions of client and guest databases.
The 2018 incident happened two years after they acquired Starwood and disclosed that the stolen data from the attack included guests’ full names, addresses, email addresses, passport numbers, and AES-128-encrypted banking details.
From the previous investigation on the 2018 cyber-attack incident, Marriot hotel revealed that there were identified signs of numerous unauthorised access on their networks as far back as 2014 that compromised more than 339 million personal info of their guests worldwide. The UK Information Commissioner’s Office charged the hotel chain because of the data compromise incident, with their fine reaching to up to £14.4 million or $24 million.
