In the past few days, the Marriott International hotel chain has confirmed yet another breach of security that has exposed the personal information of both staff and customers in yet another unfortunate incident for a company that several significant hacking attempts have hit.
DataBreaches.net reports that hackers stole around 20GB of data from the BWI Airport Marriott in Baltimore, Maryland, including confidential business documents and customer payment information. Several redacted samples published by DataBreaches show credit card authorization forms, which provide an attacker with nearly all the needed information to commit fraud.
As reported by the Verge, the threat actor did not gain access to Marriott’s core network but access to information on the web. Even so, Marriott is working on notifying between 300 and 400 individuals about the data breach that has taken place.
There was a breach of Marriott’s database in 2018. This breach resulted in the leak of information relating to up to 500 million guests of the Starwood Hotel network, which Marriott acquired in 2016. Due to another data breach in 2020, 5.2 million people’s personal information was exposed two years after the 2016 breach. Currently, it appears that the latest incident is far less severe than the previous hacks carried out against the hotel chain in the past.
In light of this latest data breach, it can be concluded that organizations that have been the victim of previous data breaches possess a higher probability of being attacked in the future, according to Jack Chapman, director of threat intelligence at cloud security provider Egress. “Social engineering is one of the most effective tools cybercriminals have in their arsenal. They know that the group’s people are one of its biggest vulnerabilities, so they turn to this technique again.”
