Marriott International has acknowledged yet another data breach, this time impacting between 300 and 400 individuals.
Marriott told Dark Reading that it was a social-engineering scam that was able to trick a single hotel employee into turning over credentials for computer access. Now, the attackers want extortion money. The hotel chain added that it’s preparing to notify people who were compromised.
DataBreaches.net was first to report on the latest Marriott compromise after the outlet said the threat actors contacted it to boast about the breach. The report said the Marriott attackers specifically targeted the Marriott at the BWI airport in Baltimore, Md., and were able to exfiltrate 20 GBs of data, including credit card details.
“The threat actor did not gain access to Marriott’s core network,” a Marriott spokesperson said in a statement to Dark Reading. “Our investigation determined that the information accessed primarily…