The Marriott Hotel is again the target of hackers. The hotel chain is the victim of data theft. The attackers managed to steal a total of 20 GB of personal information from visitors. It is unknown who is responsible for the data breach.
A spokesperson for Marriott Hotel confirms to DataBreaches.net that this is a new data breach.
Marriott: ‘Hackers only had access to non-sensitive internal company files’
The hackers allegedly broke into the IT systems of the BWI Airport Marriott in Maryland last month. They then stole about 20 GB of data. This not only concerns a large number of internal documents but also personal and credit card details of 300 to 400 visitors and employees of the hotel chain. Then you have to think of first and last names, but also flight numbers, functions of the crew members and rooms they were assigned.
A spokesperson for Marriott Hotels confirms that there is a data breach. The hackers managed to gain access to an employee’s computer through social engineering. He emphasizes that the attackers were unable to penetrate to the heart of the network. “We have no evidence that the perpetrator had access to more than the files that were accessible to this one employee,” the spokesperson said.
In a response to DataBreaches.net, he seems to downplay the incident somewhat. According to the spokesperson, “non-sensitive internal company files” were mainly stolen there. The hackers dispute this and emphasize that a lot of private data has been stolen. The Marriott Hotel says it will contact all victims and report the data breach to enforcement authorities.
Previous data breaches at the Marriott Hotel
It is not the first time that the Marriott Hotel has been hit by a data breach. In 2014, hackers managed to penetrate the servers of the hotel group Starwood Hotels. In doing so, they managed to steal personal information such as names, residential addresses, e-mail addresses and credit card numbers from 500 million guests who stayed at the hotel in the past.
Two years later, in 2016, Marriott acquires Starwood Hotels. The hotel chain is therefore responsible for handling the data breach. However, Marriott employees only learned of the data breach at the end of 2018.
The Information Commissioner’s Officer (ICO) imposed a £18.4 million fine on the Marriott Hotel in November 2020. The British regulator concluded that the hotel chain had done too little to secure its systems after the data breach came to light. The General Data Protection Regulation (GDPR) requires European companies to take technical measures to protect personal data. “If a company fails to take good care of its customers’ data, a fine is of the least concern. What matters most is that it has a duty to protect this data,” the ICO said in a statement.
In March 2020, a data breach also took place at the Marriott Hotel. The hotel chain then had to inform 5.2 guests that hackers had access to their private data between mid-January and February. Using the login details of two employees, the attackers managed to penetrate the system.
Catch up on more articles here
Follow us on Twitter here