Marriott’s Management Company Suffers Data Leak – 85.4GB Exposed

It has happened again. A security incident involving Marriott. This time, 85.4GB have been exposed in a data leak.

On November, 2018, Marriott suffered a data breach. In all, 383 million customers were exposed (below the initial report of a half a billion customers). The breach saw class action lawsuits by January and even one lawsuit from Canada last month.

With all that has happened, you’d think that security would be heightened for Marriott and related companies. That may not necessarily be the case – at least to a sufficient level anyway. Now, reports are surfacing that Marriott’s parent company, The Pyramid Hotel Group, has suffered a data leak. From a report on PYMNTS:

The researchers, Noam Rotem and Ran Locar, found a breach that exposed 85.4GB of security audit logs. Inside, they found the personal identifying information (PII) of employees, dating as far back as April 19 of this year. On that date, the system might have done a reconfiguration or some maintenance that may have opened up the server to public viewing.

The viewable information includes alerts, system errors, policy violations and other cybersecurity events. It also contains server names and operating system details, information on cybersecurity policies, employees’ full names and usernames and other sensitive data.

Those affected include the Temple Bar Hotel in Ireland, Aloft Hotels in Florida, Carton House Luxury Hotel in Ireland, Tarrytown House Estate in New York and other Pyramid Hotel Group properties.

This information is dangerous because it could give hackers access to the hotels’ networks, enabling them to plan and execute a specific attack based on that information.

“In the worst-case scenario, this leak has the potential to put not only systems at risk, but the physical security [of] hotel guests and other patrons as well. Our team found multiple devices that control hotel locking mechanisms, electronic in-room safes and other physical security management systems,” vpnMentor wrote. “Especially in the wrong hands, this drives home the very real danger here of when cybersecurity flaws threaten real-world security.”

If anything, this shows that Facebook isn’t the only company around that has faced multiple security incidences. That, of course, is likely cold comfort for the hotel chain. This incident has the potential to re-open some old PR wounds at the very least. With that, the likely hope is that this latest data leak doesn’t get legs and cause even further damage to the company.

June really kicked things off with a bang in terms of security incidences. It started with a data leak that exposed 885 million records at First American Financial Corp. This certainly represents the second security incident we’ve been able to report on this month.

Drew Wilson on Twitter: @icecube85 and Facebook.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: