Marriott Hotels - Millions Hacked Again

Uploaded on 2020-04-14 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Transport & Travel

For the second time in less than two years, Marriott says it’s been hacked. Personal information for “up to approximately 5.2 million guests” was compromised this time around, the hotel giant announced at the beginning of April. A year and a half ago in November 2018 the Marriott hotel chain was hacked with theft of 500 million reservation data records.

Now Marriott has been hit again with around 5.2million guests possibly data hacked. This attack does not seem as bad as the 2018 hack but, Marriott should have really improved its data security and some are saying this means other hotels must check their cyber security.

Marriott first became aware that they'd been hacked when a security tool flagged an unusual database query. “We identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property.” Following this discovery, the management ordered that the login credentials were disabled ande began an investigation and additional actions for improved security.

Marriott has not explained why it took a month before it alerting its customers about the hack. 

It is understood that the current intrusion dates from January 202, when someone used the security information of two franchise property employees to access an "unexpected amount of guest information." Those data points included contact details like names, email and home addresses, and phone numbers, as well as gender, birthday, frequent flier numbers, loyalty account info, and hotel preferences, like whether you like being near or far from the elevator.

Marriott is hardly the first company to get hacked multiple times, even at this scale. Yahoo, with hacks of 500 million and 3 billion users is the highest known of to date.

Stealing the hotel’s guest data, is often associated with cyber criminals aiming to use identity theft, or make use of stolen credit card numbers. The hotel chain says that credit card data, PINs, passport and driver’s licence information was not accessed by the hackers, whose identities are so far unknown. Following the 2018breach it was reported that hackers were thought to be  employees of the Chinese intelligence services.

In July of 2019 British Information Commissioner's Office levied a fine of £99 million for violating British citizens' privacy rights under the GDPR. 

Marriott says beware of scammers who might try to take advantage of this attack and the hotel chain says it will never call or email guests asking for “payment card information, other financial account information, online account information, or passwords.”

NCSC:     Marriott:     Wired:        CSO Online:      FastCompany:       Register:    


You Might Also Read: 

Breaking Down Five 2018 Breaches:

 

 

 

« Spear Phishing Threats & Trends
Experts Aim To Combat COVID-19 Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

UK Cyber Week Expo & Conference

UK Cyber Week Expo & Conference

Award-winning event organiser ROAR B2B announces the launch of UK Cyber Week and its inaugural event on 4 and 5 April 2023 at the Business Design Centre, London.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Morgan Lewis Law

Morgan Lewis Law

Morgan Lewis is an international law firm with offices in North America, Europe, Asia, and the Middle East. Practice areas include Privacy and Cybersecurity.

Lakeside Software

Lakeside Software

Lakeside Software provides workspace analytics for desktop transformation, asset optimization, security, incident resolution, and continuous assessment.

OpenSphere

OpenSphere

OpenSphere is an IT company providing security consultancy, information system risk management and security management services.

bdCERT

bdCERT

bdCERT is the national Computer Emergency Response Team for Bangladesh.

Dubex

Dubex

Dubex is Denmark's leading business-oriented IT security specialist.

TCPWave

TCPWave

TCPWave IPAM is the world’s first acclaimed DNS/DHCP management software to pass the most stringent Information security tests.

Cyverse

Cyverse

Cyverse is a cyber-security firm which provides corporations with state-of-the-art cyber-security service-based and technological solutions made in Israel.

Edvance

Edvance

Edvance operates a range of cybersecurity businesses including value added cybersecurity solutions distribution, security technology innovation and development, and SaS solution offerings.

JpU

JpU

JpU develops a robust, purpose-built mobile network core to simplify the management of IoT networks and consolidate security for all connected devices.

Open Cloud Factory

Open Cloud Factory

Open Cloud Factory is a European based security company, that strives to ease the pressure on IT managers, by providing tools to implement your Security Strategy in an effective and easy manner.

TAC Security

TAC Security

TAC Security is a leading and trusted cyber security consulting partner that specializes in securing the IT infrastructure and assets of enterprises.

Key Cyber Solutions

Key Cyber Solutions

Key Cyber is an IT consulting firm that specializes in agile software development services, program management and infrastructure services, cyber security and cloud and managed services.

DataEndure

DataEndure

DataEndure helps companies build digital resilience so that their critical information assets are protected and available to the right people, at the right time.

White Hawk Software

White Hawk Software

White Hawk provides code tamper-proofing solutions to protect mission critical software applications from malicious and Zero day attacks and reverse engineering at run time.

Blok Cyber Security

Blok Cyber Security

Blok provide small businesses and sole traders, with affordable, managed Cyber Security Packages that offer immediate protection and peace of mind.

XioGuard

XioGuard

XioGuard is a managed security service for 360-degree cybersecurity coverage, protecting the entire attack surface, increasing performance, reducing cost, and simplifying operations.