As first reported by DataBreaches, the group reached out to the publication to provide a sample of documents stolen in the breach, including reservation logs for airline crew members and credit card authorization forms. While news of the breach is just being reported now, it actually occurred around a month ago. Instead of hacking into the hotel chain’s systems, the group employed social engineering to trick an associate at BWI Airport Marriott in Maryland into giving them access to the associate’s work computer. All told, the cybercriminals managed to steal credit card details and personally identifiable information (PII) on guests and Marriott employees.
Failed ransom attempt
After stealing 20GB of data from Marriott, the cybercriminal group tried to contact the company numerous times. While they were initially in talks, the hotel chain suddenly stopped emailing them, according to a statement the group provided to DataBreaches. “We are the ones who organized this leak and they were communicating with us. We were acting like a RedHat organization and they just stopped communicating with us,” the statement read. Although the group claimed to be acting as red hat hackers who don’t launch cyberattacks for their own gain, they did demand a ransom payment from Marriott not to release its stolen data. While the amount the cybercriminals asked for wasn’t disclosed, they did tell DataBreaches the price was rather high. In the end, Marriott didn’t pay the ransom, which is also the right course of action when infected with ransomware. As such, we could see some of the information obtained in the data breach either leaked online or put up for sale on dark web hacking forums in the future.
What to do after a data breach
According to a report from CyberScoop, Marriott said that most of the stolen data was “non-sensitive internal business files” regarding the operation of the firm’s hotel next to BWI airport. A Marriott spokesperson provided further details on the matter in a statement to Tom’s Guide, saying, “Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer. The threat actor did not gain access to Marriott’s core network.” “Our investigation determined that the information accessed primarily contained non-sensitive internal business files regarding the operation of the property,” the Marriott statement continues. “The incident was contained to a short period of time. Marriott identified and was investigating the incident before the threat actor contacted the company in an extortion attempt, which Marriott did not pay. The company is preparing to notify 300-400 individuals regarding the incident. Marriott has also notified law enforcement and is supporting their investigation.” If your personal information has been exposed in a data breach, then investing in one of the best identity theft protection services is a good idea, as such services can help you recover your identity if it’s stolen. Companies that fall victim to data breaches often make these services available to affected customers for free. Likewise, you can also use HaveIBeenPwned to see whether or not your email, passwords and other information are available online.