Travel News

Marriott Data Breached Again in Single-Hotel Incident

In its third such incident in four years, Marriott International was on the defensive this week to confirm a data breach involving a property near Baltimore-Washington International Airport.

The breach occurred last month and the hotel company claimed the problem was within six hours. It said an investigation was underway before a hacker group contacted the hotel to try to negotiate a ransom.

The breach was first reported by, with whom a group claiming to be a threatening actor contacted them about their intrusion into Marriott’s system. The group told Databreches that it had tricked a single employee into giving hackers their credentials. Through that person’s computer, the group was able to extract 20GB of data.

Marriott downplayed the significance of the breach, telling Databrech, “We have no evidence that this one associate of the threatening actor had access beyond the accessible files.” The hotel company did not pay the hacker’s ransom claim.

Nevertheless, the data includes complete corporate card information and CVV numbers of guest and hotel booking companies. Marriott said it needs to contact 300 to 400 people affected by the breach.

The scale of the June breach has faded compared to Marriott’s previous data security failures. In 2020 the company paid the UK Information Commissioner’s Office a fine of around 24 million for an ongoing breach extended from 2014 to 2018 and for failing to properly protect guest data in accordance with EU General Data Protection Rules for compromising 339 million guest records. Another breach in 2020 compromised the 5.2 million guest record.

Bad actors continue to target hotels as an easy pick for hacks. Reports from PwC and others point to the richness of personal data collected at the hotel level, and numerous touchpoints for that data make it vulnerable to cyber threats. In addition to Marriott’s string of data breaches, MGM Resorts International, The Ritz London and Choice Hotels International have experienced high-profile data breaches over the past five years.

Source link

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button