Marriott Hotels - Millions Hacked Again

Uploaded on 2020-04-14 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Transport & Travel

For the second time in less than two years, Marriott says it’s been hacked. Personal information for “up to approximately 5.2 million guests” was compromised this time around, the hotel giant announced at the beginning of April. A year and a half ago in November 2018 the Marriott hotel chain was hacked with theft of 500 million reservation data records.

Now Marriott has been hit again with around 5.2million guests possibly data hacked. This attack does not seem as bad as the 2018 hack but, Marriott should have really improved its data security and some are saying this means other hotels must check their cyber security.

Marriott first became aware that they'd been hacked when a security tool flagged an unusual database query. “We identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property.” Following this discovery, the management ordered that the login credentials were disabled ande began an investigation and additional actions for improved security.

Marriott has not explained why it took a month before it alerting its customers about the hack. 

It is understood that the current intrusion dates from January 202, when someone used the security information of two franchise property employees to access an "unexpected amount of guest information." Those data points included contact details like names, email and home addresses, and phone numbers, as well as gender, birthday, frequent flier numbers, loyalty account info, and hotel preferences, like whether you like being near or far from the elevator.

Marriott is hardly the first company to get hacked multiple times, even at this scale. Yahoo, with hacks of 500 million and 3 billion users is the highest known of to date.

Stealing the hotel’s guest data, is often associated with cyber criminals aiming to use identity theft, or make use of stolen credit card numbers. The hotel chain says that credit card data, PINs, passport and driver’s licence information was not accessed by the hackers, whose identities are so far unknown. Following the 2018breach it was reported that hackers were thought to be  employees of the Chinese intelligence services.

In July of 2019 British Information Commissioner's Office levied a fine of £99 million for violating British citizens' privacy rights under the GDPR. 

Marriott says beware of scammers who might try to take advantage of this attack and the hotel chain says it will never call or email guests asking for “payment card information, other financial account information, online account information, or passwords.”

NCSC:     Marriott:     Wired:        CSO Online:      FastCompany:       Register:    


You Might Also Read: 

Breaking Down Five 2018 Breaches:

 

 

 

« Spear Phishing Threats & Trends
Experts Aim To Combat COVID-19 Cyber Attacks »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Exclusive Networks

Exclusive Networks

Exclusive Networks accelerate market entry and growth for innovative cybersecurity, networking and infrastructure technologies.

Nimbusec

Nimbusec

Nimbusec scans your website around the clock and informs immediately if it has been hacked or manipulated

CryptoCodex

CryptoCodex

Cryptocodex has developed Counter-Fight, the most advanced, yet simple to implement, counterfeit detection system.

Spanish Network of Excellence on Cybersecurity Research (RENIC)

Spanish Network of Excellence on Cybersecurity Research (RENIC)

RENIC is a membership based sectoral association that includes research centers and other agents of the research cybersecurity ecosystem in Spain.

Nameshield Group

Nameshield Group

Nameshield is one of most experienced domain name registrars, trademark protection specialists and managers of online reputational risk in the world today.

Delfigo Security

Delfigo Security

Delfigo Security, a pioneer in intelligent authentication, provides a strong, multi-factor authentication solution to prevent identity theft and reduce fraud.

LogMeIn

LogMeIn

LogMeIn makes it possible for millions of people and businesses around the globe to do their best work simply and securely—on any device, from any location and at any time.

Harvey Nash

Harvey Nash

Harvey Nash is a leading global provider of talent and technology solutions.

ThreatDefence

ThreatDefence

ThreatDefence provides innovative SIEM, SOC-as-a-Service, and proactive cyber defence solutions to MSP’s and Enterprises.

TachTech

TachTech

TachTech is passionate about trust, security and privacy in the digital world. We create tailored security and compliance solutions to improve your business.

coc00n

coc00n

coc00n secures the devices of high-value and high-interest individuals against cyber attacks.

Aspire Technology Solutions

Aspire Technology Solutions

Aspire is an award-winning IT Managed Service and Cyber Security Provider. We specialise in cyber security, cloud, connectivity, managed services, unified communications and IT support.

Tranchulus

Tranchulus

Tranchulus are a global provider of offensive and defensive cyber solutions, information security assessment, compliance and managed security services.

Auria

Auria

Auria advances complex space, missile, and cyber operations with visionary solutions and software.

Kaavalan

Kaavalan

Kaavalan was founded with a mission and a vision to protect you against cyber threats in the connected world.

Reclaim Security

Reclaim Security

Reclaim Security is your always-on force multiplier, empowering security teams to eliminate threat exposure using your existing security stack.