The Marriott International hotel chain has been hit by another data breach that exposed staff and customer information in another unfortunate security incident for a company that has been affected by a number of major hacks in the past.
The BWI Airport Marriott in Baltimore, Maryland is said to have been the site of a recent data theft. A sample document published by DataBreaches appears to show credit card authorization forms, which would allow an attacker to make fraudulent purchases with a victim's card.
The Marriott was aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into giving access to the associate's computer. The threat actor tried to extort the hotel chain but no money was paid.
“Organizations that are victims of previous attacks are more likely to be targeted in the future”
The threat actor did not gain access to Marriott's core network and accessed information that was not sensitive. Marriott is going to inform between 300 and 400 people about the data breach. She said that law enforcement agencies have been notified.
The latest incident is not as severe as previous hacks have been. Up to 500 million guests of the Starwood hotel network were affected by Marriott's database breach in the summer of 2018, the company said in a statement. The personal information of over five million guests was exposed in a data hack in 2020.
Organizations that have been victims of previous attacks are more likely to be targeted in the future, according to Jack Chapman, VP of threat intelligence at cloud security provider Egress. Cybercriminals know that an organization's people are its biggest vulnerability and that's why they use social engineering again and again.