Marriott Hotels - Millions Hacked Again

For the second time in less than two years, Marriott says it’s been hacked. Personal information for “up to approximately 5.2 million guests” was compromised this time around, the hotel giant announced at the beginning of April. A year and a half ago, in November 2018, the Marriott hotel chain was hacked and 500 million reservation data records were stolen.

Now Marriott has been hit again, with the data of around 5.2 million guests possibly compromised. This attack does not seem as bad as the 2018 hack, but Marriott should really have improved its data security, and some are saying this means other hotels must check their cyber security.

Marriott first became aware that it had been hacked when a security tool flagged an unusual database query. “We identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property.” Following this discovery, management ordered that the login credentials be disabled and began an investigation and additional actions for improved security.

Marriott has not explained why it took a month before alerting its customers about the hack.

It is understood that the current intrusion dates from January 202, when someone used the security information of two franchise property employees to access an "unexpected amount of guest information." Those data points included contact details like names, email and home addresses, and phone numbers, as well as gender, birthday, frequent flier numbers, loyalty account info, and hotel preferences, like whether you like being near or far from the elevator.

Marriott is hardly the first company to get hacked multiple times, even at this scale. Yahoo, with hacks of 500 million and 3 billion users, is the largest known to date.

Theft of hotel guest data is often associated with cyber criminals aiming to commit identity theft or make use of stolen credit card numbers. The hotel chain says that credit card data, PINs, passport and driver’s licence information were not accessed by the hackers, whose identities are so far unknown. Following the 2018 breach it was reported that the hackers were thought to be employees of the Chinese intelligence services.

In July of 2019 the British Information Commissioner's Office levied a fine of £99 million for violating British citizens' privacy rights under the GDPR.

Marriott warns guests to beware of scammers who might try to take advantage of this attack, and the hotel chain says it will never call or email guests asking for “payment card information, other financial account information, online account information, or passwords.”

Sources: NCSC, Marriott, Wired, CSO Online, FastCompany, Register

