Hotel giant Marriott has acknowledged it was hit by a second data breach this year in which data including personally identifiable information and credit card details were compromised. According to DataBreaches.net 20GB of Marriott International's data is said to have been stolen by an unnamed hacking group from a BWI Airport Marriott employee, the media has reported.
As per DataBreaches.net, the attackers have documents detailing names and other details of Marriott's guests, as well as credit card information used to secure bookings. The data breach is said to have occurred last month when an unnamed hacking group said that they used "social engineering" to trick a Marriott hotel staffer in Maryland into giving them access to their computer.
"Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer. The threat actor did not gain access to Marriott’s core network. Our investigation determined that the information accessed primarily contained non-sensitive internal business files regarding the operation of the property. The incident was contained in a short period of time," A Marriott spokesperson told ABP Live in a statement.
At least 300 to 400 customers potentially affected by the data breach were already informed by Marriott, which noted that the attack, which was not as significant as the hackers claimed it to be, has been contained within six hours of discovering the hack.
Melissa Froehlich Flood, a spokesperson for Marriott, was quoted as saying by the media that company was "aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate's computer". Before going public with the hack, the threat actor had tried to extort the hotel chain but no money was paid, Froehlich Flood said.
Based on current reports, the latest incident is far less severe than previous hacks that have targeted the hotel chain. Earlier in 2018, Marriott revealed that it had been hit by an enormous database breach that affected up to 500 million guests of the Starwood hotel network, which was acquired by Marriott in 2016.
Two years later, another data breach in 2020 exposed the personal information of 5.2 million guests.