Marriott suffers at least its seventh data breach since 2010 | Engadget

Marriott confirmed it was the target of yet another data breach after attackers recently breached the company’s systems. The company said hackers used social engineering techniques to gain access to an employee’s computer. After obtaining around 20GB of data, the person or group behind the attack tried to extort Marriott, but the company refused to pay up. 

The hackers had access to Marriott’s network for less than a day. The company told CyberScoop it was already investigating the breach before it received the extortion attempt. The incident is said to have taken place around a month ago, but it only just came to light. Marriott has informed law enforcement and it will notify between 300 and 400 unspecified individuals and regulators as required.

According to DataBreaches, which first reported on the attack, the hackers gained access to a server at BWI Airport Marriott in Maryland. They provided the publication with screenshots that appear to show reservation documents for flight crews, along with ]corporate credit card numbers for an airline or travel agency.

Marriott said most of the information was “non-sensitive internal business files regarding the operation of the property.” It’s unclear what kinds of other customer and employee data was included. Engadget has contacted Marriott for comment.

This is at least the seventh data security incident involving Marriott since 2010, according to DataBreaches. One of the more notable cases emerged in November 2018. The company said hackers gained access to the reservation database of its Starwood subsidiary and obtained personal details of as many as 383 million guests (though some of those were believed to be duplicate records). The data included 5.3 million unencrypted passport numbers. The UK’s Information Commissioner’s Office fined Marriott £18.4 million (around $21.9 million at today’s rates) over the incident.