Marriott hit by data breach through social engineering
Unknown attackers were reportedly able to exfiltrate 20GB of information from the company
Marriott International has revealed that unknown hackers infiltrated its computer networks and then attempted to extort the company.
The incident reportedly took place a month ago and the attackers were able to exfiltrate 20GB of data including credit card and confidential information, according to DataBreaches. The hotel impacted appears to be BWI Airport Marriott in Maryland in the US.
The breach occurred because an attacker carried out social engineering and successfully tricked an associate at a Marriott hotel into giving them access to the associated computer, Marriott said in a statement to IT Pro.
“Our investigation determined that the information accessed primarily contained non-sensitive internal business files regarding the operation of the property,” added the hotel chain.
Marriott claimed that the incident was contained within six hours and that it had identified and begun investigating it before it was contacted by the unknown attackers. The hotel chain hasn’t made any kind of payment to the attackers so far, although it didn’t reveal whether it had negotiated at all.
“They were communicating with us and went silent for no reason, it might be because of the high pricing, but we are always willing to find a deal with our clients and told Marriott that we can provide all the discounts in the world,” said the attackers, who contacted DataBreaches.
Marriott said that while most of the data acquired by the attackers was “non-sensitive internal business files”, the company will be notifying around 300 to 400 individuals and any regulators as required. It didn’t provide a full description as to what kind of information was involved for the individuals being notified. Law enforcement has reportedly been notified and Marriott said it was supporting that investigation.
The attackers provided samples of the data, some of which reportedly appeared to be internal business documents with confidential and proprietary information such as how to access a labour management and scheduling platform. Additionally, there appears to be a relatively recent file detailing the average wages by department.
Other documents contained information on hotel guests and personnel, including their names and jobs, as well as corporate credit card numbers for some companies paying for employees to stay at Marriott.
The attackers revealed they are an international group that has been working for approximately five years. They claimed to have avoided media coverage by establishing a reputation for keeping communications and relationships confidential.
The group also claimed to never encrypt anything as it doesn’t want to interfere with business. It also added it doesn’t attack critical government infrastructure but focuses only on businesses.
IT Pro has contacted Marriott for comment.
This isn’t the first time that Marriott has experienced a data breach. In 2020, it was fined £18.4 million by a UK data regulator for a 2014 data breach that affected 339 million guest records worldwide. The ICO found that the company failed to put appropriate technical or organisational measures in place to protect the personal data being processed on its systems, as required by GDPR.
Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.