Marriott says hackers attempted to extort company with Baltimore hotel data theft
Marriott confirmed reports that hackers tried to extort the company after 20 GB of employee and customer data was stolen from BWI Airport Marriott in Baltimore.
In a statement, Marriott International shared more information about a Tuesday report from Databreaches.net that an unnamed hacking group had breached servers at BWI Airport Marriott and stolen data that included credit card numbers and other personal information.
.@Marriott confirmed a #databreach involving their #BWIA-Marriott server. "Their security is very poor, there were no problems taking their data," the hackers claimed: https://t.co/T2cFVF33Ah
— Dissent Doe, PhD (@PogoWasRight) July 6, 2022
@BaltBizOnline @dcollinsWBAL @washingtonpost @wsj @wsjbusiness @bloomberg @reutersbiz
According to Marriott International, 300-400 people were affected by the theft and the company said it was “preparing” to notify them.
The hackers contacted the multinational hotel chain and attempted to extort the company, but a spokesperson said they did not pay. Law enforcement has been contacted about the attack.
“Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer,” the company said.
“The threat actor did not gain access to Marriott’s core network. Our investigation determined that the information accessed primarily contained non-sensitive internal business files regarding the operation of the property. The incident was contained to a short period of time.”
The company did not answer questions about whether the victims were employees or customers. Databreaches.net was given a sample of the stolen data and said it contained business documents, employee payment records, airplane flight crew information, corporate credit card numbers and more.
Marriott confirms security incident after threat actor steals 20GB of company datahttps://t.co/Q24qpAOZTG pic.twitter.com/z5cXWoUI2m
— Catalin Cimpanu (@campuscodi) July 5, 2022
As one of the world’s biggest hotel chains, the company has faced multiple breaches over the last ten years.
The most notable was a 2014 breach involving the personal information of 500 million hotel guests. The U.S. government later explicitly blamed the incident on hackers allegedly associated with the Chinese government.
The company is in the midst of one of the largest-ever class-action lawsuits ever related to the breach.
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.