Another data leak at the Marriot hotel chain: company and customer data compromised

Another data leak at the Marriot hotel chain: company and customer data compromised

The US hotel chain Marriot has confirmed a new data leak. Criminals claim they gained access to 20GB of data that includes confidential business records and customer payment information. These come from the “BWI Airport Marriott”, an airport hotel in Baltimore, Maryland.

According to information from DataBreaches.net, criminals gained access to a hotel computer and connected servers in June using social engineering. Among other things, they were able to tap credit card information from Marriot customers.

At the request of TechCrunch, a spokeswoman for the hotel group confirmed the attack. An employee of the airport hotel fell victim to social engineering and gave an external person access to a hotel computer. First, the criminals tried to blackmail the hotel chain with the data leak. But no ransom was paid, she said.

According to a Marriot spokeswoman, the criminals had no access to the hotel chain’s core network. They were only able to access “primarily non-sensitive internal business files” pertaining to that individual hotel. Despite this, Marriot intends to notify between 300 and 400 customers about the data leak. Law enforcement agencies have also been involved.

This is the third known data breach at the hotel chain. In 2018, data from 500 million hotel guests was tapped through “unauthorized network access” at Marriott. Access was therefore via the IT systems of the subsidiary Starwood.

About a year and a half later, another data leak at Marriott allegedly affected 5.2 million hotel guests. In this case, unknown persons were apparently able to access the data records via the logins of two employees of a franchisee in the chain. Compared to those two leaks, the Baltimore airport hotel is a small case.

A security expert told The Verge that “Organizations that have been victims of previous attacks are more likely to be targeted in the future, as this latest data breach shows.” This applies in particular to social engineering, which exploits the human factor in IT security. “Cyber ​​criminals know that a company’s employees are its greatest weak point – which is why they keep resorting to this technique.”

MacBook Air with M2: Apple gives specific dates for pre-orders and sales Previous post MacBook Air with M2: Apple gives specific dates for pre-orders and sales
Lockdown mode: Apple closes the bulkheads for those at risk of espionage Next post Lockdown mode: Apple closes the bulkheads for those at risk of espionage