Published on November 7th, 2019 📆 | 5954 Views ⚑0
Marriott hotel chain hacked again; customers’ personal information leaked
Marriott International hotel chain has alerted its customers about a cybersecurity incident that could negatively impact the security of some users’ data (specifically their social security numbers), after an unidentified threat actor accessed the company’s networks, data protection experts reported.
In its security alert, the company mentions that exposure of information stems from a cyberattack suffered by an external service provider which previously had worked for Marriott: “On September 4th we detected that an unidentified user obtained access to information from some Marriott partners through an external provider,” the company’s statement says.
Apparently, this service provider worked for
Marriott receiving official documents (citations, court orders, etc.); one of
the documents Marriott shared with this third-party provider included some
partners’ social security numbers, as well as full names and addresses. The
personal information exposure involves this specific document, data protection
After detecting this information exposure, Marriott
contacted the third party provider, which ensured that they are handling this
incident in the best possible way; “We have ended our relationship with
this company, which in turn has informed us that information about Marriott
partners is being securely removed from their networks,” the hotel chain
As a security measure for affected users,
Marriott announced that they will be provided them with a free identity theft protection
service for one year.
Although the company detected this exposure of
information two months ago, the incident could not be publicly disclosed, as it
was necessary to inform each affected user directly before, in addition to
notifying the competent authorities. A report published on the specialized platform
Bleeping Computer even states that the company has not finished informing all
affected users. It has reportedly detected just over 1.5k affected users so far,
although the number could still grow.
This is not the first security incident
reported by Marriott. About a year ago, data protection specialists from the
International Institute of Cyber Security (IICS) reported that a hacker group
managed to compromise the databases of Starwood,
one of Marriott’s multiple brands, exposing almost 390 million records. The
company was fined multiple times for its information security flaws.