Marriott Confirms Data Breach at Maryland Hotel

Marriott International recently confirmed a data breach involving a single hotel property near Baltimore/Washington International Airport in Maryland.

The breach, which is the third in four years for the hotel giant, occurred last month.

“Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer,” Marriott spokesperson Melissa Froehlich Flood said in a statement to TechCrunch. “The threat actor did not gain access to Marriott’s core network.”

Marriott said it began investigating the breach before the group had a chance to seek a ransom, containing the attack within six hours.

While the group claiming responsibility for the breach said it gained access to guests’ credit card information and confidential information about both guests and employees Marriott noted that the data “primarily contained non-sensitive internal business files regarding the operation of the property.”

Nonetheless, the company plans to notify between 300 and 400 affected individuals.

In 2020, Marriott disclosed a data breach affecting approximately 5.2 million guests. Prior to that, the company was hit with a $24 million fine by the U.K.’s Information Commissioner’s Office for a data breach that gave hackers access to almost 340 million guest records worldwide.