Hotel chain Marriott International confirmed it has suffered a new data breach after a threat actor stole 20GB of files from one of its properties.
The attacker compromised the network at the BWI Airport Marriott Maryland (BWIA), as confirmed later by the company.
The threat actor told DataBreaches.net website that they had access to the Marriott property’s network about a month ago, they also added that the 0 GB of data exfiltrated included some credit card info and confidential information.
According to statements made to DataBreaches, the attackers also notified numerous employees at Marriot about the security breach. The company initially responded to them, but later interrupted any communication.
“This incident only involved one property. The threat actor did not gain access to Marriott’s core network. The access to one device at the property involved only lasted for approximately six hours,” a Marriott spokesperson told to media .
The threat actor attempted to extort Marriot by threatening to leak the stolen files, but the company refused to pay a ransom and notified the authorities.
Marriott also hired a leading cyber security firm to investigate the security breach.
“Marriott acknowledged that while most of the data acquired by GNN was what Marriott described as non-sensitive internal business files, they will be notifying approximately 300-400 individuals and any regulators, as required. They did not provide a full description as to what kinds of personal information were involved for the individuals being notified.” reported DataBreaches.
This isn’t the first incident suffered by Marriot, below is a list of some of the security breaches it was the victim of:
(SecurityAffairs – hacking, data breach)