Marriott confirms yet another data breach
#1
FlyerTalk Evangelist
Original Poster
Join Date: Mar 2014
Location: 4éme
Posts: 12,038
Hotel group Marriott International has confirmed another data breach, with hackers claiming to have stolen 20 gigabytes of sensitive data, including guests’ credit card information.
The incident, first reported by Databreaches.net, is said to have happened in June when an unnamed hacking group claimed they used social engineering to trick an employee at a Marriott hotel in Maryland into giving them access to their computer.
“Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer,” Marriott spokesperson Melissa Froehlich Flood told TechCrunch in a statement. “The threat actor did not gain access to Marriott’s core network.”
Marriott said the hotel chain identified, and was investigating, the incident before the threat actor contacted the company in an extortion attempt, which Marriott said it did not pay.
The group claiming responsibility for the attack say the stolen data includes guests’ credit card information and confidential information about both guests and employees. Samples of the data provided to Databreaches.net purport to show reservation logs for airline crew members from January 2022 and names and other details of guests, as well as credit card information used to make bookings.
#2
Join Date: May 2002
Programs: WN F9 HA UA AA IHG HH MR
Posts: 3,305
#4
Join Date: Aug 2007
Programs: DL DM
Posts: 1,079
You would think they would have learned by now how to keep data safe.
#5
Join Date: Feb 2020
Location: USA
Programs: MB Ambassador, WOH Globalist, HH Diamond (Aspire), AA Gold, UA (*G) Gold
Posts: 5,152
I never said anything about those other breaches - my point is that a social engineering attack at a single property is vastly different than those breaches. The OP failed to mention the scope. Assuming that each Marriott property will prevent every breach seems overly harsh, especially when social engineering is involved.
#7
Join Date: May 2002
Programs: AAdvantage Platinum, United Silver, Marriott Titanium Elite
Posts: 2,276
The Starwood Hotels reservation system was breached beginning in 2014. This was not discovered until after Marriott acquired Starwood:
Marriott Announces Starwood Guest Reservation Database Security Incident, November 30, 2018 (Marriott News Center)
Then, in 2020, a breach involving stolen employee log-ins affected 5.2 million guests:
Marriott International Notifies Guests of Property System Incident, March 31, 2020 (Marriott News Center)
In the newest (2022) breach, someone obtained access to a computer account at the BWI Airport Marriott, providing visibility to what one hotel associate would be able to access:
Marriott Plays Down 20GB Data Breach, July 7, 2022 (Info Security Magazine)
#8
Join Date: May 2010
Posts: 3,461
If you think ANYONE is safe from this then you are in fantasyland. Your data is not safe at Marriott, Hilton, Hyatt etc.... it's not "if" it's "when"
Truthfully, if a company hasn't notified you, it's probably because they just haven't discovered it yet.
#9
A FlyerTalk Posting Legend
Join Date: Apr 2004
Location: GVA (Greater Vancouver Area)
Programs: DREAD Gold; UA 1.035MM; Bonvoy Au-197; PCC Elite+; CCC Elite+; MSC C-12; CWC Au-197; WoH Dis
Posts: 52,139
#10
Join Date: Aug 2008
Location: Somewhere in Florida
Posts: 2,620