Marriott just confirmed it was hit by another data breach — what you need to know


Marriott International has confirmed that the popular hotel chain has fallen victim to yet another data breach in which an unnamed group of cybercriminals managed to steal 20GB of files from the company.  

As first reported by DataBreaches, the group reached out to the publication to provide them with a sample of documents stolen in the breach including reservation logs for airline crew members and credit card authorization forms. While news of the breach is just being reported now, it actually occurred around a month ago.

Instead of hacking into the hotel chain’s systems, the group employed social engineering to trick an associate at BWI Airport Marriott in Maryland into giving them access to their work computer.

All told, the cybercriminals managed to steal credit card details and personally identifiable information (PII) on guests and Marriott employees.

Failed ransom attempt


After stealing 20GB of data from Marriott, the cybercriminal group tried to contact the company numerous times. While the two sides were initially in talks, the hotel chain suddenly stopped emailing the group, according to a statement the group provided to DataBreaches.

“We are the ones who organized this leak and they were communicating with us. We were acting like a RedHat organization and they just stopped communicating with us,” the statement read.

Although the group claimed to be acting as red hat hackers who don’t launch cyberattacks for their own gain, they did demand a ransom payment from Marriott not to release its stolen data. While the amount the cybercriminals asked for wasn’t disclosed, they did tell DataBreaches the price was rather high. In the end, Marriott didn’t pay the ransom, which is also the right course of action when infected with ransomware.

As such, we could see some of the information obtained in the data breach either leaked online or put up for sale on dark web hacking forums in the future.

What to do after a data breach

According to a report from CyberScoop, Marriott said that most of the stolen data was “non-sensitive internal business files” regarding the operation of the firm’s hotel next to BWI airport.

A Marriott spokesperson provided further details on the matter in a statement to Tom’s Guide, saying, “Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer. The threat actor did not gain access to Marriott’s core network.”

“Our investigation determined that the information accessed primarily contained non-sensitive internal business files regarding the operation of the property,” the Marriott statement continues. “The incident was contained to a short period of time. Marriott identified and was investigating the incident before the threat actor contacted the company in an extortion attempt, which Marriott did not pay. The company is preparing to notify 300-400 individuals regarding the incident. Marriott has also notified law enforcement and is supporting their investigation.”

If your personal information has been exposed in a data breach, then investing in one of the best identity theft protection services is a good idea, as such services can help you recover your identity if it’s stolen. Companies that fall victim to data breaches often make these services available to affected customers for free. Likewise, you can also use HaveIBeenPwned to see whether or not your email, passwords and other information are available online.

Anthony Spadafora
Senior Editor Security and Networking
