Marriott just confirmed it was hit by another data breach — what you need to know

Marriott International has confirmed that the popular hotel chain has fallen victim to yet another data breach in which an unnamed group of cybercriminals managed to steal 20GB of files from the company.  

As first reported by DataBreaches, the group reached out to the publication to provide them with a sample of documents stolen in the breach including reservation logs for airline crew members and credit card authorization forms. While news of the breach is just being reported now, it actually occurred around a month ago.

Instead of hacking into the hotel chain’s systems, the group used social engineering to trick an associate at BWI Airport Marriott in Maryland into giving them access to the associate’s work computer.

All told, the cybercriminals managed to steal credit card details and personally identifiable information (PII) on guests and Marriott employees.

Failed ransom attempt

After stealing 20GB of data from Marriott, the cybercriminal group tried to contact the company numerous times. While they were initially in talks, the hotel chain suddenly stopped emailing them, according to a statement they provided to DataBreaches.

“We are the ones who organized this leak and they were communicating with us. We were acting like a RedHat organization and they just stopped communicating with us,” the statement read.

Although the group claimed to be acting as red hat hackers who don’t launch cyberattacks for their own gain, they did demand a ransom payment from Marriott in exchange for not releasing its stolen data. While the amount the cybercriminals asked for wasn’t disclosed, they did tell DataBreaches the price was rather high. In the end, Marriott didn’t pay the ransom, which is also the right course of action when infected with ransomware.

As such, we could see some of the information obtained in the data breach either leaked online or put up for sale on dark web hacking forums in the future.

What to do after a data breach

According to a report from CyberScoop, Marriott said that most of the stolen data was “non-sensitive internal business files” regarding the operation of the firm’s hotel next to BWI airport.

A Marriott spokesperson provided further details on the matter in a statement to Tom’s Guide, saying, “Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer. The threat actor did not gain access to Marriott’s core network.”

“Our investigation determined that the information accessed primarily contained non-sensitive internal business files regarding the operation of the property,” the Marriott statement continues. “The incident was contained to a short period of time. Marriott identified and was investigating the incident before the threat actor contacted the company in an extortion attempt, which Marriott did not pay. The company is preparing to notify 300-400 individuals regarding the incident. Marriott has also notified law enforcement and is supporting their investigation.”

If your personal information has been exposed in a data breach, then investing in one of the best identity theft protection services is a good idea, as such services can help you recover your identity if it’s stolen. Companies that fall victim to data breaches often make these services available to affected customers for free. Likewise, you can also use HaveIBeenPwned to see whether or not your email, passwords and other information are available online.

Anthony Spadafora
Managing Editor Security and Home Office