July 6, 2022, updated 17 Aug 2022 9:19am

Marriott Hotels suffers fresh data breach, 20GB of information leaked

The hotel chain has played down the attack, but hackers claim to have personal information on guests.

By Matthew Gooding

International hotel chain Marriott has suffered a fresh data breach, with cybercriminals claiming to have stolen 20 gigabytes of information including personal and credit card details of guests.

Marriott Hotels has suffered a fresh data breach. (Photo by Tomsmith585/iStock)

The breach is thought to have occurred when an unnamed hacking group used a social engineering attack to trick an employee at one of Marriott’s hotels, the BWI Airport Marriott in Baltimore, into allowing them access to the company’s systems.

According to DataBreaches, which first reported the attack, the hackers have documents detailing names and other details of guests, as well as credit card information used to make bookings.

Marriott owns and operates more than 8,000 properties around the world. The company confirmed the breach to DataBreaches, but said the information stolen was mostly “non-sensitive business files”. It says it has informed between 300 and 400 affected parties, as well as relevant data protection watchdogs and law enforcement agencies.

The hackers have reportedly demanded a ransom to release the information back to Marriott, but it is thought the company has not yet paid up.

Marriott data breaches and the rise of social engineering attacks

This is not the first time Marriott has suffered a significant data breach. In 2020 it was fined £18.4m by the UK’s Information Commissioner’s Office for a data breach that impacted up to 339m customers. The ICO had initially threatened to fine the company up to £99m.

This breach started when the Starwood Hotels group suffered a cyberattack in 2014. Starwood was acquired by Marriott two years later, and the breach went undetected until 2018. The ICO said client names, addresses and passport information were vulnerable. This attack was linked to Chinese state-backed hackers, an allegation which was denied by Beijing.

Two years ago, Marriott saw data on 5.2m customers stolen. The breach, which occurred in January 2020 and was discovered two months later, is thought to have started when criminals gained access to login information from two members of staff at a Marriott hotel operated as a franchise.

Social engineering has been on the rise since the Covid-19 pandemic, with staff working remotely often vulnerable to attacks by criminals who contact them by phone or email purporting to be from their employer. This technique was used successfully by the Lapsus$ hacking gang to gain access to some of the biggest names in tech during its crime spree earlier this year.

