Marriott International Inc. confirmed on Wednesday July 6th that they had suffered a second data breach this year.
Initial reports say that attackers stole a total of 20GB worth of data including some sensitive information such as credit card information, confidential business documents, and customer payment information
Marriott is preparing to notify between 300 and 400 individuals about the data breach.
Marriott hotels is not new to this situation. Earlier in 2020, Marriott hotels suffered a breach which exposed the personal information of 5.2 million guests.
Far more serious was an incident, discovered in 2018, which affected 500 million guests of the Starwood hotel network, a hotel group acquired by Marriott in 2016.
Marriott was fined nearly £20 million by courts in the UK for failing to adequately safeguard personal information.
Databreaches.net, who first reported on the breach, claimed to have spoken with the hackers responsible for the most recent breach.
This group, who Databreaches calls the Group with No Name or, GNN, says that “Their security is very poor, there were no problems taking their data. At least we didn’t get access to the whole database, but even the part that we took was full of the critical data.”
Marriott’s revenue last quarter was $4.199B yet they have consistently shown a lack of regard for the information security of their customers. Unfortunately this attitude is all too frequent in companies.
“Large organizations need to help their people detect advanced phishing attacks and help nudge them towards safer behaviors,” said Time Sadler, CEO and Co-Founder of Tessian.
“The attacks are only getting hard to spot; all it takes is for one distracted employee to miss the signs.”