Marriott Plays Down 20GB Data Breach
Marriott International’s cybersecurity has come under criticism due to alleged irresponsibility regarding a data breach in which hackers stole 20GB of data from one of the hotel chain’s US locations. The hotel giant claimed that a threat actor was able to socially engineer an employee who worked at the BWI Airport Marriott in Baltimore. The social engineering resulted in the threat actor possessing the ability to exfiltrate data from the employee’s computer. The group claimed that this was an isolated incident that was contained within a few hours.
In addition, the hotel giant claimed that the files accessed and stolen were non-sensitive business files. Marriott stated that it would inform the 300-400 customers whose personal information was exposed. However, the threat actor associated with the attack reportedly released screenshots of data obtained during the breach, revealing full corporate credit card numbers, CVV details, and expiration dates for some guests. Security researchers have expressed concerns that Marriott was untruthful about the critical nature of the information exposed and mislead its guests into thinking that their financial information had been spared from exposure.
Read More: Marriott Plays Down 20GB Data Breach