"Marriott Confirms Latest Data Breach, Possibly Exposing Information on Hotel Guests, Employees"
Marriott International recently confirmed that unknown criminal hackers broke into its computer networks and then attempted to extort the company. The incident allegedly occurred roughly a month ago and was the work of a group claiming to be “an international group working for about five years.” Marriott Stated that it was aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer. Marriott noted that the access only occurred for a short amount of time on one day. Marriott stated that it identified and was investigating the incident before the threat actor contacted the company in an extortion attempt, which Marriott did not pay. The group behind the attack claimed to have stolen roughly 20 gigabytes of data at the BWI Airport Marriott in Baltimore, including credit card information and confidential information about guests and workers. The attackers “emailed numerous employees” at Marriott about the breach and had been in at least limited communications with Marriott. Marriott spokesperson said the “incident did involve access to approximately 20 GB of files” and added that the “size of the files involved is not an indication of the content.” Marriott has suffered serious data breaches in the past, such as in November 2018, when the company revealed hackers breached one of its subsidiary brand’s reservations systems and stole the personal data of roughly 500 million guests. A second breach, revealed in March 2020, netted hackers with data on as many as 5.2 million guests.