The Marriott hotel chain has been hit by another data breach

The Marriott International hotel chain has confirmed that it has been affected by yet another data breach that exposed employee and customer information in yet another unfortunate security incident for a company that has been hit by several major hacks in recent years. is in.

In the latest incident, first reported by DataBreaches.net, hackers are reported to have stolen nearly 20GB of data, including confidential business documents and customer payment information, from BWI Airport Marriott in Baltimore, Maryland. Revised sample documents published by the data breach show a credit card authorization form, which would give an attacker all the details needed to fraudulently make purchases with a victim's card.

Melissa Frolich Flood, a spokeswoman for Marriott, told The Verge that the company "was aware of a dangerous actor who used social engineering to provide access to a colleague's computer at a Marriott hotel." Frolich Flood said that before going public with the hack, the threatening actor had tried to extort money from the hotel chain, but no money was paid.

The spokesperson said the threatening actor did not gain access to Marriott's main network and "contains primarily non-sensitive internal business files". But, nonetheless, Marriott is preparing to notify between 300 and 400 individuals about the data breach. Law enforcement agencies have also been informed, he said.

Based on current reports, the latest incident is far less serious than the previous hack targeting the hotel chain. In 2018, Marriott revealed that it had been affected by a major database breach that affected 500 million guests of the Starwood Hotels network, which was acquired by Marriott in 2016. Two years later, in 2020, another data breach exposed personal information. 5.2 million guests.

"As this latest data breach demonstrates, organizations that have been victims of past attacks are more likely to be targeted in the future," said Jack Chapman, VP of threat intelligence at cloud security provider Igres. “Social engineering is a highly effective tool and cybercriminals know that the people in an organization are its biggest vulnerability – which is why they return to this technology again and again.”