Marriott International has suffered a security breach potentially affecting up to 400 customers.
The breach, which was first made known here, involved a “threat actor” using social engineering - the process of gaining access to systems through human interactions - to get into an employee’s computer, but it did not gain access to Marriott’s core systems.
The company says: “Our investigation determined that the information accessed primarily contained non-sensitive internal business files regarding the operation of the property. The incident was contained to a short period of time. Marriott identified and was investigating the incident before the threat actor contacted the company in an extortion attempt, which Marriott did not pay. The company is preparing to notify 300-400 individuals regarding the incident. Marriott has also notified law enforcement and is supporting their investigation.”
Subscribe to our newsletter below
This is the third security breach for Marriott in four years.
Marriott acknowledged an attack in late 2018 that dated back four years and impacted millions of records on the Starwood reservation system.
In early 2020, the company fell prey to another significant data breach affecting up to 5.2 million guests.
Marriott is not alone in the travel industry when it comes to data breaches.
British Airways was the victim of an attack in 2018, Choice Hotels suffered an attack in 2019, CWT acknowledged an incident in mid-2020 and airline tech specialist SITA confirmed a cyber attack in early 2021.
Experts have consistently warned that cyber attacks will increase as the industry recovers.