Hotel giant Marriott International has suffered a data breach, with hackers stealing 20 gigabytes of sensitive information, including guests’ credit card information.
In 2020, Marriott notified 5 million guests their information was compromised through an app used to provide services at hotels.
This event is on a smaller scale, as according to a report by DataBreaches the incident, which took place in June, saw an as-yet unidentified group claim they used “social engineering” — where hackers trick someone into performing an action or divulging confidential information — to access a computer at the BWI Airport Marriott Maryland.
The hotel is described as “modern, convenient and superbly situated” and is a popular layover for flight crews — leaked documents include reservations made by airlines for their employees.
Names and details of other guests, including credit card information used to make bookings, have also been leaked, and Marriott is reportedly notifying up to 400 individuals of the attack, although it’s unclear if they are mostly guests or Marriott’s own staff.
“Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer. The threat actor did not gain access to Marriott’s core network,” a Marriott spokesperson told TechCrunch.
It is unclear whether ransom money was demanded.
Earlier this month Israel’s Gol Tours Ltd suffered a cyber attack that saw 30,000 profiles leaked.
UPDATE: In a statement to Skift on Thursday, a Marriott International spokesperson said:
“Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer. The threat actor did not gain access to Marriott’s core network. Our investigation determined that the information accessed primarily contained non-sensitive internal business files regarding the operation of the property. The incident was contained to a short period of time. Marriott identified and was investigating the incident before the threat actor contacted the company in an extortion attempt, which Marriott did not pay. The company is preparing to notify 300-400 individuals regarding the incident. Marriott has also notified law enforcement and is supporting their investigation.”