Hotel giant Marriott International has faced yet another data breach that exposed staff and customer information.
Hackers are reported to have stolen around 20GB of data, including confidential business documents and customer payment information, from the BWI Airport Marriott in Baltimore, Maryland, citing DataBreaches.net, The Verge reported.
Redacted sample documents published by DataBreaches appear to show credit card authorisation forms, which would give an attacker all of the details needed to make fraudulent purchases with a victim’s card.
Jim Scholefield is the Chief Information and Digital Officer (CIDO) of Marriott International — responsible for leading all aspects of the company’s information technology and digital strategies. Marriott does not reveal the name of its technology partner responsible for cyber security.
Melissa Froehlich Flood, a spokesperson for Marriott, said that the company was aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer.
Before going public with the hack, the threat actor had tried to extort the hotel chain but no money was paid, Froehlich Flood said.
Based on current reports, the latest incident is far less severe than previous hacks that have targeted the hotel chain.
In 2018, Marriott revealed that it had been hit by an enormous database breach that affected up to 500 million guests of the Starwood hotel network, which was acquired by Marriott in 2016.
Two years later, another data breach in 2020 exposed the personal information of 5.2 million guests.