Marriott suffered another data breach at the BWI Airport Marriott.
This is the most recent in a series of successful cyberattacks against one of the largest hotel chains in the world, Marriott Hotels.
The international hotel chain Marriott has confirmed that they have suffered a recent data breach from an unnamed group of malicious actors.
A total of 20 GB of data, including several credit card numbers and private information, was exfiltrated by the threat actors. As confirmed, the breached data may have originated from the BWI Airport Marriott in Maryland (BWIA).
Marriott stated that the breach happened as a result of social engineering that successfully persuaded one employee at a single Marriott hotel chain to grant the threat actor(s) access to that employee's computer.
Marriot's Data Breach
Marriott's cyberattack compromised some credit card numbers and non-sensitive internal business papers among the 20GB of files that were taken during the attack, as Bleeping Computer reports.
Aside from that, the hotel chain company did not provide any further detailed information regarding what was in the 20GB of stolen data.
Marriott also did not clarify whether the illegally obtained data was information about their clients, information about their staff and employees, or both.
According to BleepingComputer, a Marriott spokesperson said, "This incident only involved one property."
The threat actor was not successful in gaining access to the core network of Marriott. The period of time that the individual had access to one of the devices located on the relevant site was only about six hours.
Marriott also added that the threat actors did not impersonate themselves as Marriott suppliers in any way.
Additionally, the attackers made an attempt to blackmail Marriott by threatening to publish the stolen data on the internet.
However, as reported, the hotel chain stated it did not make any payments to the threat actors, nor did it furnish them with anything.
Marriott has stated that it has contacted the FBI and retained the services of an independent security firm to look into the matter.
Marriott claimed that it would contact relevant law enforcement authorities as well as around 300-400 individuals whose personal information had been compromised due to this data breach.
Marriott's Previous Cyberattack
This recent incident at Marriott is not the first time the company has been the victim of a significant data breach.
Since 2018, Marriott has now acknowledged a total of three separate data breaches.
As reported by TechCrunch, the hackers broke into the hotel chain in 2014 and gained access to approximately 340 million guest records around the world.
This incident was not discovered until September 2018 and resulted in a punishment of $24 million from the Information Commissioner's Office in the United Kingdom.
In January of 2020, Marriott fell victim to another cyberattack, this time a distinct one that affected around 5.2 million guests.
The data breach confirmed in 2020 was a more severe concern since the files that were stolen included personal information of millions of guests in the hotel.
The hacking in 2020 was discovered late in February.
The hotel giant said that it found a data breach in a property management system at a certain franchise of the hotel.
The hackers were able to gain the login information for two different employees.
Marriott's previous breach included phone numbers, names, dates of birth, addresses, loyalty members, and travel-related information like airline membership numbers and room preferences.
Related Article: Has Walmart Fallen Victim to a Yanluowang Ransomware Attack?