View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Data
July 6, 2022

Marriott Hotels suffers fresh data breach, 20GB of information leaked

The hotel chain has played down the attack, but hackers claim to have personal information on guests.

By Matthew Gooding

International hotel chain Marriott has suffered a fresh data breach, with cybercriminals claiming to have stolen 20 gigabytes of information including personal and credit card details of guests.

Marriott Hotels has suffered a fresh data breach. (Photo by Tomsmith585/iStock)

The breach is thought to have occurred when an unnamed hacking group managed to trick an employee at one of Marriott’s hotels, the BWI Airport Marriott in Baltimore, to allow them access to the company’s systems in a social engineering attack.

According to DataBreaches, which first reported the attack, the hackers have documents detailing names and other details of guests, as well as credit card information used to make bookings.

Marriott owns and operates more than 8,000 properties around the world. The company confirmed the breach to DataBreaches, but said the information stolen was mostly “non-sensitive business files”. It says it has informed between 300-400 affected parties, as well as relevant data protection watchdogs and law enforcement agencies.

The hackers have reportedly demanded a ransom to release the information back to Marriott, but it is thought the company has not yet paid up.

Marriott data breaches and the rise of social engineering attacks

This is not the first time Marriott has suffered a significant data breach. In 2020 it was fined £18.4m by the UK’s Information Commissioner’s Office for a data breach that impacted up to 339m customers. The ICO had initially threatened to fine the company up to £99m.

This breach started when the Starwood Hotels group suffered a cyberattack in 2014. Starwood which was acquired by Marriott two years later, and the breach went undetected until 2018. The ICO said client names, addresses and passport information were vulnerable. This attack was linked to Chinese state-backed hackers, an allegation which was denied by Beijing.

Two years ago, Marriott saw data on 5.2m customers stolen. The breach, which occurred in January 2020 and was discovered two months later, is thought to have started when criminals gained access to login information from two members of staff at a Marriott hotel operated as a franchise.

Content from our partners
European Technology Leadership: Deutsche Bank CTO Gordon Mackechnie
Print’s role in driving the environmental agenda
What finance leaders get wrong about digital transformation

Social engineering has been on the rise since the Covid-19 pandemic, with staff working remotely often vulnerable to attacks by criminals who contact them by phone or email purporting to be from their employer. This technique was used successfully by the Lapsus$ hacking gang to gain access to some of the biggest names in tech during its crime spree earlier this year.

Read more: Data breaches are falling… except in Russia

Topics in this article:
Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy