Marriott suffers yet another data breach
Data on some 400 people stolen
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Hotel chain Marriott has suffered yet another data breach, with unknown threat actors managing to steal 20GB worth of data from itsservers.
As reported byEngadget, the attackers targeted the company’s employees with social engineering techniques, and one of them fell for it. The group managed to access the company’sendpointsfor less than a day, but this was enough to steal data on up to 400 people, most of whom were allegedly former employees.
“Their information was in archived files that were not detected by the scanning tool we use as part of our proactive security efforts to identify and remove sensitive data from devices,” a Marriott spokesperson toldEngadget.
Core network untouched
Apparently, the threat actor targeted the BWI Airport Marriott, in Maryland, USA. It obtained reservation documents for flight crews, as well as corporate credit card numbers for an airline or travel agency. Marriott further said that most of the data was “non-sensitive internal business files regarding the operation of the property.”
“The incident only involved access to one associate’s device and documents on a connected file share server,” the spokesperson said. “The incident did not involve access to Marriott’s core network, the guest reservation system at the property or the payment processing system at the property.”
Millions of Marriott customers exposed in massive data breach>500 million Marriott customers affected by data breach>Best identity management software of 2022
The group also tried to extort Marriott, but the company is said to have refused to pay a ransom fee for the safe return of the data.
Marriott can’t seem to catch a break with cyberattacks. In the past decade, the chain has suffered seven incidents, the biggest happening in November 2018, after purchasing Starwood hotels.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The subsidiary was already compromised when Marriott bought it, but after failing to properly audit its systems, it ended up giving away data on more than 380 million guests. Theidentitiesof many customers were at risk, as more than five million unencrypted passport numbers were allegedly stolen, as well.
The company was fined almost $22 million by the UK’s Information Commissioner’s Office (ICO) for the incident.
ViaEngadget
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Scammers are using fake copyright infringement claims to hack businesses
HPE reveals critical security bug affecting networking access points
From Dishonored to Mafia: Definitive Edition, some of my favorite games are free right now for Amazon Prime members
