Hotel chain Marriott fell victim to another data breach last month by organized hackers who said the company has very poor cyber defenses.
Marriott has experienced several major breaches over the past few years, with some resulting in hundreds of millions of stolen customer records, lawsuits, and millions in regulatory fines.
The latest incident occurred in June when a group of anonymous hackers deployed phishing tactics on a BWI Airport Marriott employee. The threat actors used his clearance to extract 20 GB of data, including data on employees and even hotel guests.
Marriott told cyber-news site Databreaches.net on Tuesday that most of the stolen data included“non-sensitive internal business files.
The hackers claimed to have obtained some proprietary information, along with the personal data of guests and employees. They labeled the stolen data as “critical.”
Additionally, Marriott said it would notify 300-400 individuals, including regulators, which is required in this instance.
“They did not provide a full description as to what kinds of personal information were involved for the individuals being notified,” said Databreaches.
The news outlet interviewed the hacking group and published several sample files that were allegedly stolen in the attack. The hacking group said that Marriott’s cyber defenses were weak, and told reporters that hacking them was very easy.
“Their security is very poor, there were no problems taking their data. At least we didn’t get access to the whole database, but even the part that we took was full of the critical data,” the group said.
A Marriott spokesperson told CyberScoop that the unauthorized access “only occurred for a short amount of time on one day.”
“Marriott identified and was investigating the incident before the threat actor contacted the company in an extortion attempt, which Marriott did not pay,” the spokesperson added.