The Marriott Hotel Network Is Attacked By Hackers Again, Employee And Customer Data To Be Released To The Public

JAKARTA - Hotel chain Marriott International has confirmed that it has been hit by a malware attack that exposed staff data and customer information in a security incident. This adds to a long list of companies that have been hit by a number of major hacks in recent years.

In the latest incident, first reported by DataBreaches.net, hackers were reported to have stolen around 20GB of data. This includes confidential business documents and customer payment information, from the BWI Airport Marriott in Baltimore, Maryland.

An edited sample document published by DataBreaches appears to show a credit card authorization form, which would have provided the attacker with all the necessary details to make a fraudulent purchase with the victim's card.

Melissa Froehlich Flood, a spokeswoman for Marriott, told The Verge that the company "is aware of hackers who use social engineering to trick an employee at a Marriott hotel into giving access to that employee's computer."

"Before going public with the hack, hackers had tried to blackmail the hotel chain but no money was paid," Froehlich Flood said, as quoted by The Verge.

"Hackers did not gain access to Marriott's core network and only accessed information containing non-sensitive internal business files," the spokesperson said. Marriott is now preparing to tell between 300 and 400 of their customers about this data breach. Law enforcement agencies have also been notified of this hack.

Based on current reports, the latest incident is much lighter than previous hacks targeting hotel chains.

In 2018, Marriott disclosed that it had been exposed to a large database breach that affected up to 500 million guests of the Starwood hotel chain, which was acquired by Marriott in 2016. Two years later, another data breach in 2020 exposed the personal information of 5.2 million guests.

“As this latest data breach shows, organizations that were victims of previous attacks are more likely to be targeted in the future,” said Jack Chapman, vice president of threat intelligence at cloud security provider Egress.

“Social engineering is a very effective tool and cybercriminals know that the people in an organization are its greatest vulnerability. That's why they come back to this technique again and again."