Marriott Hotels - Millions Hacked Again

For the second time in less than two years, Marriott says it’s been hacked. Personal information for “up to approximately 5.2 million guests” was compromised this time around, the hotel giant announced at the beginning of April. A year and a half ago, in November 2018, the Marriott hotel chain was hacked and 500 million reservation data records were stolen.

Now Marriott has been hit again, with the data of around 5.2 million guests possibly compromised. This attack does not seem as bad as the 2018 hack, but Marriott should really have improved its data security, and some are saying this means other hotels must check their cyber security.

Marriott first became aware that it had been hacked when a security tool flagged an unusual database query. “We identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property.” Following this discovery, the management ordered that the login credentials be disabled and began an investigation and additional actions for improved security.

Marriott has not explained why it took a month before alerting its customers about the hack.

It is understood that the current intrusion dates from January 2020, when someone used the security information of two franchise property employees to access an "unexpected amount of guest information." Those data points included contact details like names, email and home addresses, and phone numbers, as well as gender, birthday, frequent flier numbers, loyalty account info, and hotel preferences, like whether you like being near or far from the elevator.

Marriott is hardly the first company to get hacked multiple times, even at this scale. Yahoo, with hacks of 500 million and 3 billion users, is the largest known to date.

Theft of hotel guest data is often associated with cyber criminals aiming to commit identity theft or make use of stolen credit card numbers. The hotel chain says that credit card data, PINs, passport and driver’s licence information were not accessed by the hackers, whose identities are so far unknown. Following the 2018 breach it was reported that the hackers were thought to be employees of the Chinese intelligence services.

In July of 2019, the British Information Commissioner's Office levied a fine of £99 million for violating British citizens' privacy rights under the GDPR.

Marriott says to beware of scammers who might try to take advantage of this attack, and the hotel chain says it will never call or email guests asking for “payment card information, other financial account information, online account information, or passwords.”

Sources: NCSC, Marriott, Wired, CSO Online, FastCompany, Register

