Contents:
The recent incident at Marriott is not the first time the company has been the victim of a massive data breach. An incident that occurred in 2014 but was not discovered until September 2018 led to a fine of £14.4 million ($24 million) from the Information Commissioner’s Office in the United Kingdom.
Names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account information, dates of birth, gender, arrival and departure information, reservation dates, and communication preferences were among the data collected. Payment card numbers and expiration dates were also included in certain cases, but these were presumably encrypted.
Following the incident, Marriot conducted an investigation with the help of security specialists and announced steps to phase out Starwood systems and expedite network security upgrades.
What Happened?
Another data breach has been reported by the hotel chain Marriott International. The hackers who were responsible for the breach claim to have taken 20 gigabytes of sensitive data, including the credit card information of customers.
The incident is believed to have taken place in June when an anonymous hacking organization claimed they utilized social engineering to deceive an employee at a Marriott hotel in Maryland into providing them access to the property’s computer.
Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer. The threat actor did not gain access to Marriott’s core network.
Marriott said that the hotel chain had discovered the event and was investigating it prior to the threat actor contacting the firm in an effort to extort money from it, nevertheless, Marriott stated that it did not pay the ransom.
According to the malicious group that has claimed responsibility for the hack, the stolen data includes the credit card information of visitors as well as the personal information of both guests and workers. Databreaches.net has received samples of data that claim to reveal reservation records for airline crew members beginning in January 2022, as well as the names and other details of visitors, as well as credit card information that was used to make reservations.
However, the investigation conducted by the company revealed that the data that was accessed mostly consisted of non-sensitive internal business files pertaining to the running of the property.
The company has indicated that it intends to inform between three hundred and four hundred persons about the incident, and it has already informed the appropriate law enforcement authorities.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.