Marriott hit by data breach through social engineering

Unknown attackers were reportedly able to exfiltrate 20GB of information from the company

Marriott International has revealed that unknown hackers infiltrated its computer networks and then attempted to extort the company.

The incident reportedly took place a month ago and the attackers were able to exfiltrate 20GB of data including credit card and confidential information, according to DataBreaches. The hotel impacted appears to be BWI Airport Marriott in Maryland in the US.

The breach occurred because an attacker used social engineering to trick an associate at a Marriott hotel into giving them access to the associate's computer, Marriott said in a statement to IT Pro.

“Our investigation determined that the information accessed primarily contained non-sensitive internal business files regarding the operation of the property,” added the hotel chain.

Marriott claimed that the incident was contained in six hours and that it had identified and was investigating it before it was contacted by the unknown attackers. The hotel chain hasn’t made any kind of payment to the attackers so far, although it didn’t reveal whether it had negotiated at all.

“They were communicating with us and went silent for no reason, it might be because of the high pricing, but we are always willing to find a deal with our clients and told Marriott that we can provide all the discounts in the world,” said the attackers, who contacted DataBreaches.

Marriott said that while most of the data acquired by the attackers was “non-sensitive internal business files”, the company will be notifying around 300 to 400 individuals and any regulators as required. It didn’t provide a full description as to what kind of information was involved for the individuals being notified. Law enforcement has reportedly been notified and Marriott said it was supporting that investigation.

The attackers provided samples of the data, some of which reportedly appeared to be internal business documents with confidential and proprietary information such as how to access a labour management and scheduling platform. Additionally, there appears to be a relatively recent file detailing the average wages by department.

Other documents contained information on hotel guests and personnel, including their names and jobs, as well as corporate credit card numbers for some companies paying for employees to stay at Marriott.

The attackers revealed they are an international group that has been working for approximately five years. They claimed to have avoided media coverage by establishing a reputation for keeping communications and relationships confidential.

The group also claimed to never encrypt anything as it doesn’t want to interfere with business. It also added it doesn’t attack critical government infrastructure but focuses only on businesses.

IT Pro has contacted Marriott for comment.

This isn’t the first time that Marriott has experienced a data breach. In 2020, it was fined £18.4 million by a UK data regulator for a 2014 data breach that affected 339 million guest records worldwide. The ICO found that the company failed to put appropriate technical or organisational measures in place to protect the personal data being processed on its systems, as required by GDPR.
