The Marriott International Hotel chain has become a victim of one of the latest data breaches as almost 20 GB of data related to staff and consumers got stolen. This is not the first time Marriott Hotel is getting targetted by hackers.
According to a report by Data Breaches Net, the stolen data includes vital and confidential information such as customer payment information, business documents and staff information to name a few.
DataBreaches was informed on June 28th regarding the incident by an anonymous message.
The report suggests that the date breach happened almost a month ago at BWI Airport Marriott in Maryland. Hackers were able to get access to information including credit card details and authorisation forms, which are more than necessary to conduct a financial scam.
A spokesperson of the Marriott International, Melissa Froehlich Flood, told media that they were aware of a threat actor who tricked one employee at a Marriott Hotel to get access to that employee’s computer system. Using access to that computer system, hackers were able to steal data without any interference.
Even though hackers the first asked for money in exchange for data, hotel chain denied paying any money, which led to the group making the leak public.
According to the Marriott Hotel chain, hackers were not able to get access to the core network of the company. Only non-sensitive internal business files got stolen. The spokesperson added that the company is planning to notify customers affected and various stakeholders and authorities regarding the incident.
Who attacked Marriott Hotel?
The group of individuals (hereby called GNN) who attacked Marriott Hotel Chain contacted databreaches.net.
When asked about who they are and what they do, GNN replied that they are an international group which has been in operation for the last five years. As they try to avoid media attention, they do not come up in news much.
GNN also added that their targets are only businesses and not government or critical infrastructure. They also said GNN is changing their business structure and that is why they contacted databreaches regarding the attack on Marriott hotel.
Past incidents of the data breach at Marriott
In 2010, an individual based in Hungary attacked a Marriott hotel, which resulted in a data breach. His aim was to extort them to give him a job. In 2011, customers of a program named Marriott Rewards got notified about a data breach involving Epsilon.
A breach at Starwood in 2014 resulted in a multi-million dollar lawsuit against Marriott as the company acquired Starwood in 2016. In 2018 Marriott made a disclosure stating nearly 500 million guests got affected in the data breach of 2014 at Starwood.