Marriott International suffered a new data breach, attackers stole 20GB of data

Hotel chain Marriott International suffered a new data breach, a threat actor has stolen 20GB from the company.

Hotel chain Marriott International confirmed it has suffered a new data breach after a threat actor stole 20GB of files from one of its properties.

The attacker compromised the network at the BWI Airport Marriott Maryland  (BWIA), as confirmed later by the company.

The threat actor told DataBreaches.net website that they had access to the Marriott property’s network about a month ago, they also added that the 0 GB of data exfiltrated included some credit card info and confidential information.

According to statements made to DataBreaches, the attackers also notified numerous employees at Marriot about the security breach. The company initially responded to them, but later interrupted any communication.

“This incident only involved one property. The threat actor did not gain access to Marriott’s core network. The access to one device at the property involved only lasted for approximately six hours,” a Marriott spokesperson told to media [1][2].

The threat actor attempted to extort Marriot by threatening to leak the stolen files, but the company refused to pay a ransom and notified the authorities.

Marriott also hired a leading cyber security firm to investigate the security breach.

“Marriott acknowledged that while most of the data acquired by GNN was what Marriott described as non-sensitive internal business files, they will be notifying approximately 300-400 individuals and any regulators, as required. They did not provide a full description as to what kinds of personal information were involved for the individuals being notified.” reported DataBreaches.

This isn’t the first incident suffered by Marriot, below is a list of some of the security breaches it was the victim of:

• November 2018 – Starwood Data Breach – Hackers accessed the guest reservation system of the Marriot-owned Starwood since 2014 and copied and encrypted the information of about 327 million guests.
• March 2021 – Marriott disclosed a new security breach detected at the end of February 2020 that could impact up to 5.2 million of its guests.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]