A Data Breach Affecting 5.2 Million Marriott Guests

On March 31, Marriott International Group announced on its official website that the information of about 5.2 million guests may have been leaked. This is the second large-scale information breach Marriott has encountered within a year and a half. The two breaches were carried out in different ways: the first was an “external attack” by a hacker who attacked the database, while this one was an “insider attack” in which data was accessed using employee login credentials. Marriott said that the leaked information includes guests’ names, addresses, email addresses, phone numbers, account and credit balances, birthdays, preferences, etc., but denied that guests’ account passwords, credit cards, passports, ID cards, driver’s licenses, etc. were leaked. According to Marriott’s estimates, the leak may involve as many as 5.2 million customers.

This comes only one and a half years after its last data breach. In November 2018, an information leak occurred in the reservation database of Marriott’s Starwood Hotels. Marriott stated that hackers broke into the system and stole the personal information of more than 383 million hotel customers. As for how this latest breach happened, Marriott said that someone may have used the login credentials of two employees of a franchise hotel under the group to access a large amount of customer information since mid-January 2020. Marriott said that after discovering this, it confirmed that the relevant login credentials were disabled and notified the relevant departments to carry out investigations and strengthen monitoring.

In general, data leaks happen in three ways:

  • The first is an external attack: externally exposed communication is broken into, the database is attacked, and internal information is stolen through external-facing websites;
  • The second is an unauthorized operation by internal personnel that leaks data;
  • The third is a third party failing to use or store the data as agreed, resulting in data leakage.

The data breach exposed Marriott to huge claims. According to public information, after the Starwood information leak in 2018, the US Litigation Group filed a lawsuit against Marriott on behalf of many consumers, claiming US$12.5 billion.

LIFARS’ highly skilled Incident Response and Digital Forensics team will effectively manage data breach response and examine digital evidence and compromised systems for forensic artifacts of threat actor actions, lateral movement and data exfiltration, including social security numbers, driver licenses, health records, or any other sensitive data. Our skilled investigative team leverages knowledge from previous investigations to better understand an attacker’s lateral movement through an enterprise, using attacker tactics, techniques and procedures (TTPs) and a collected set of Indicators of Compromise (IOCs). Communication with executives and the board takes place daily.

Why LIFARS?

  • CYBER MILITARY EXPERIENCE: The best-trained experts and minds are needed to address threat actors that attack your organization and to defeat their persistence on your network.
  • HIGH DEPLOYMENT: Our response team can quickly adapt to your immediate needs. You can rely on us in any situation.
  • 24/7 SUPPORT: Our Incident Response Management Service is available 24 hours a day, 7 days a week, with an active response within minutes.
  • CONSTANT COMMUNICATION: Continuous updates to your management tier of our ongoing progress.
