Marriott has suffered yet another data breach, the second time the hotel chain has had data stolen this year and this was the third attack encountered by the hotel chain.
Reported by DataBreaches.net, an unnamed hacking group claimed to have stolen roughly 20GB of data including credit card information and PII on guests and workers, was stolen from an employee at the BWI Airport Marriott in Baltimore.
Marriott has confirmed the data breach. The attack vector involved the hackers tricking a Marriott associate into giving access to the associate’s computer through social engineering.
The hacking group also demanded a ransom payment from Marriott not to release the stolen data, but the ransom was not paid. Further details not disclosed.
Marriott claims it had identified the incident before being contacted by the hackers and contained it within six hours. The hotel chain is informing about 300 to 400 individuals who may have been affected and has also informed regulators and law enforcement.
Marriott was hacked via its Starwood subsidiary in 2014 but the hack was discovered and reported only in November 2018. That hack involved the theft of data relating to some 500 million customers and was later linked to Chinese state-sponsored hackers, a claim the Chinese government denied.
Marriott was suffered yet another data breach believed to have involved data that includes the PII of some 5.2 million guests and is believed to have been accessed by an unknown third party using the login credentials of two employees at a group hotel operated as a franchise.