The hotel group Marriott International has confirmed yet another Marriot data breach. The report suggests that the hackers have managed to steal over 20 GB of sensitive information, including guests’ credit card credentials.
Databreaches.net was the first one to report the incident as it claims that it happened back in June when an anonymous hacking group used social engineering to trick the employees at the hotel in Maryland into providing them their computer access.
Melissa Froehlich Flood, Marriott spokesperson, said, “Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer,” She added, “The threat actor did not gain access to Marriott’s core network.”
Marriott states that the hotel chain recognized and investigated the issue before the threat actor contacted the company in an extortion attempt which Marriott didn’t agree to pay.
Marriot Data Breach
The hacking group claims that the sensitive data includes the guests’ credit card information and confidential information about employees and guests. The samples provided to Databreaches.net shows reservation logs for the airline crew members from January 2022, along with the names and details of guests and their credit data information used for booking and payments.
However, while talking to TechCrunch, Marriott states the investigation on their side shows the data accessed “primarily contained non-sensitive internal business files regarding the operation of the property.”
The company claims that it was preparing to notify around 300-400 individuals about the incident. It also notified the law enforcement agencies about the incident.
Not a new sight
However, it isn’t the first time that the hotel chain encountered a significant data breach. Hackers back in 2014 breached the hotel chain and gained access to nearly 340 million guest records globally. This Marriot Data Breach incident wasn’t detected till September 2018. It led to a $24 million fine from the UK’s information commissioner’s office.
In June 2020, Marriott suffered another hack that affected nearly 5.2 million guests. TechCrunch questioned the hotel chains Cybersecurity protection measures to fight against such incidents, but the company declined or, more likely, failed to answer the question.