Marriott Hotels - Millions Hacked Again

For the second time in less than two years, Marriott says it’s been hacked. Personal information for “up to approximately 5.2 million guests” was compromised this time around, the hotel giant announced at the beginning of April. A year and a half ago in November 2018 the Marriott hotel chain was hacked with theft of 500 million reservation data records.

Now Marriott has been hit again with around 5.2million guests possibly data hacked. This attack does not seem as bad as the 2018 hack but, Marriott should have really improved its data security and some are saying this means other hotels must check their cyber security.

Marriott first became aware that they'd been hacked when a security tool flagged an unusual database query. “We identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property.” Following this discovery, the management ordered that the login credentials were disabled ande began an investigation and additional actions for improved security.

Marriott has not explained why it took a month before it alerting its customers about the hack. 

It is understood that the current intrusion dates from January 202, when someone used the security information of two franchise property employees to access an "unexpected amount of guest information." Those data points included contact details like names, email and home addresses, and phone numbers, as well as gender, birthday, frequent flier numbers, loyalty account info, and hotel preferences, like whether you like being near or far from the elevator.

Marriott is hardly the first company to get hacked multiple times, even at this scale. Yahoo, with hacks of 500 million and 3 billion users is the highest known of to date.

Stealing the hotel’s guest data, is often associated with cyber criminals aiming to use identity theft, or make use of stolen credit card numbers. The hotel chain says that credit card data, PINs, passport and driver’s licence information was not accessed by the hackers, whose identities are so far unknown. Following the 2018breach it was reported that hackers were thought to be  employees of the Chinese intelligence services.

In July of 2019 British Information Commissioner's Office levied a fine of £99 million for violating British citizens' privacy rights under the GDPR. 

Marriott says beware of scammers who might try to take advantage of this attack and the hotel chain says it will never call or email guests asking for “payment card information, other financial account information, online account information, or passwords.”

NCSC:     Marriott:     Wired:        CSO Online:      FastCompany:       Register:    


You Might Also Read: 

Breaking Down Five 2018 Breaches:

 

 

 

« Spear Phishing Threats & Trends
Experts Aim To Combat COVID-19 Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DataGuidance

DataGuidance

DataGuidance is a platform used by privacy professionals to monitor regulatory developments, mitigate risk and achieve global compliance.

Organization for Security and Co-operation in Europe (OSCE)

Organization for Security and Co-operation in Europe (OSCE)

OSCE is the world's largest security-oriented intergovernmental organization. Areas of activity include Cyber/ICT security.

WebARX

WebARX

WebARX is a web application security platform, which allows digital agencies and developers to monitor, protect and maintain their websites.

Authenware

Authenware

AuthenWare delivers the highest level of identity security based on behavioral biometrics.

Korea Information Security Industry Association (KISIA)

Korea Information Security Industry Association (KISIA)

KISIA is a non-profit organization for the information security industry in Korea.

Compumatica

Compumatica

Compumatica is a leading European ICT security manufacturer for cybersecurity and encryption products. Solutions include network security, SCADA/ICS security, Mobile/BYOD and email encryption.

Custodio Technologies

Custodio Technologies

Custodio Technologies was established as a Singaporean R&D Centre of Israel Aerospace Industries (IAI) in order to spearhead R&D activities in the field of cyber early warning.

Endian

Endian

Endian’s mission is to provide a secure platform that connects distributed people and things, simplifying the digitalization of businesses.

Honeywell Process Solutions (HPS)

Honeywell Process Solutions (HPS)

Honeywell's Industrial Cyber Security Solutions help plants and critical infrastructure sectors defend the availability, reliability and safety of their industrial control systems.

SecureMe2

SecureMe2

SecureMe2 ‘s mission is to make organizations more responsive to digital threats by deploying smart technology in a highly accessible way.

Huntress Labs

Huntress Labs

Huntress provides managed threat detection and response services to uncover and address malicious footholds that slip past your preventive defenses.

BIND 4.0

BIND 4.0

Bind 4.0 is an acceleration program geared toward tech startups with solutions applied to Advanced Manufacturing, Smart Energy, Health Tech or Food Tech fields.

White Cloud Security

White Cloud Security

White Cloud is a cloud-based Application Trust-Listing security service that prevents unauthorized programs from running on your computers.

East Midlands Cyber Resilience Centre (EMCRC)

East Midlands Cyber Resilience Centre (EMCRC)

The East Midlands Cyber Resilience Centre is set up to support and help protect businesses across the region against cyber crime.

Alea Consulting

Alea Consulting

Alea Consulting is a global risk mitigation and investigative consulting firm, which helps organizations reduce reputation and operational concerns.

Bluefin Payment Systems

Bluefin Payment Systems

Bluefin is the recognized integrated payments leader in encryption and tokenization technologies that protect payments and sensitive data.