Marriott International Company Cyber Security Posture
marriott.comMarriott International, Inc. is based in Bethesda, Maryland, USA, and encompasses a portfolio of approximately 9,000 properties across more than 30 leading brands in 141 countries and territories. Its heritage can be traced to a root beer stand opened in Washington, D.C., in 1927 by J. Willard and Alice S. Marriott. Marriott International is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. Marriott International does not discriminate on the basis of disability, veteran status or any other basis protected under federal, state or local laws. Community Guidelines:ย We reserve the right to remove without any notice content that we determine in our sole discretion is offensive or illegal, contains personally identifiable information, trademarks or copyrights belonging to a third party, advertises a third partyโs products or services, or is otherwise inappropriate. Application Tips:ย We encourage job seekers to protect themselves from email and recruiting scams. Please note: 1) We do not accept applications via email or fax; 2) We never ask for money as part of the application process; 3) We only contact job applicants from approved email domains. Please find more information about Marriott Internationalโs job application process and approved email address domainsย here: http://www.careers.marriott.com/tips-for-applying/
Marriott International Company Details
marriott-international
218361 employees
2813520.0
721
Hospitality
marriott.com
373
MAR_8090579
In-progress
Marriott International Risk Score (AI oriented)Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
Marriott International Global Score.png)
Marriott International Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
Marriott International Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| Marriott Hotels | Breach | 100 | 5 | 07/2022 | MAR1318722 | Link | |
Rankiteo Explanation : Attack threatening the organization's existenceDescription: A third attack against the hotel chain, Marriott, has resulted in yet another data breach. This is the second time this year that data has been stolen from the hotel firm. An employee at the BWI Airport Marriott in Baltimore stated that about 20GB of data, including credit card numbers and PII of visitors and employees, had been stolen. The hacking organisation requested a ransom from Marriott to keep the data they had obtained from being released, but the money was not paid. | |||||||
| Marriott International | Breach | 80 | 4 | 06/2022 | MAR13023722 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Hotel giant Marriott International suffered a data breach after an unknown threat actor breached one of its properties and stole 20GB of files. The hackers stole 20GB worth of documents containing non-sensitive internal business files and some credit card information. Marriott hired a third-party security firm to investigate the incident and notified the affected individuals. | |||||||
| Marriott International, Inc. | Breach | 60 | 3 | 9/2019 | MAR327072925 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: The California Office of the Attorney General reported on October 30, 2019, that Marriott International, Inc. experienced a data breach involving 1,552 California residents. The breach was caused by unauthorized access to information about certain associates through a vendor's network, compromising personal data including names, addresses, and Social Security numbers. Marriott has terminated its relationship with the vendor and is offering credit monitoring services. | |||||||
| Marriott International | Data Leak | 60 | 3 | 09/2019 | MAR81730423 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: Hotel giant Marriott International suffered a data breach after an unknown person gained access to information about certain Marriott associates by accessing the network of an outside vendor formerly used by Marriott. Marriott immediately confirmed that the vendor was taking appropriate to steps to investigate the incident. The vendor reported that it was working with a forensic firm and had notified law enforcement. This incident did not impact the security of Marriottโs internal HR systems or platforms. The information in the document received by this vendor that contains your information includes your name, address, and Social Security number. Marriott hired a third-party security firm to investigate the incident and notified the affected individuals. | |||||||
Marriott International Company Subsidiaries
Marriott International, Inc. is based in Bethesda, Maryland, USA, and encompasses a portfolio of approximately 9,000 properties across more than 30 leading brands in 141 countries and territories. Its heritage can be traced to a root beer stand opened in Washington, D.C., in 1927 by J. Willard and Alice S. Marriott. Marriott International is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. Marriott International does not discriminate on the basis of disability, veteran status or any other basis protected under federal, state or local laws. Community Guidelines:ย We reserve the right to remove without any notice content that we determine in our sole discretion is offensive or illegal, contains personally identifiable information, trademarks or copyrights belonging to a third party, advertises a third partyโs products or services, or is otherwise inappropriate. Application Tips:ย We encourage job seekers to protect themselves from email and recruiting scams. Please note: 1) We do not accept applications via email or fax; 2) We never ask for money as part of the application process; 3) We only contact job applicants from approved email domains. Please find more information about Marriott Internationalโs job application process and approved email address domainsย here: http://www.careers.marriott.com/tips-for-applying/
Access Data Using Our API
Get company history
Rapid.png)
Marriott International Cyber Security News
FTC settles yearslong investigation into Marriottโs โsecurity failuresโ
The federal agency alleges Marriott and Starwood failed to implement appropriate password controls, access controls, firewall controls orย ...
Marriott Gets $52 Million Slap On Wrist For Breaches Due To โLax Securityโ
Marriott has agreed to pay $52 million in a settlement with the FTC for its failure to keep customers' data safe. getty. M arriott continues toย ...
Finalized FTC Order Demands Marriott and Starwood Implement a Robust Data Security Program Within 180 Days
The Federal Trade Commission (FTC) has finalized an order directing Marriott International and its subsidiary Starwood Hotels & Resortsย ...
Marriott will pay $52M, improve cybersecurity to settle multiple data breaches
The FTC complaint alleges Marriott failed to do multiple things, including implementing appropriate password control, patching outdated softwareย ...
US FTC says Marriott will boost security to settle data breach charges
The U.S. Federal Trade Commission said on Wednesday it will require Marriott International and its subsidiary Starwood Hotels & Resortsย ...
FTC orders Marriott to pay $52M and enhance security practices
The U.S. Federal Trade Commission ordered Marriott International Inc. to bolster its inadequate security program and pay a $52 million penaltyย ...
Marriott agrees to pay $52 million, beef up data security to resolve probes over data breaches
In November 2018, Marriott announced a massive data breach in which hackers accessed information on as many as 383 million guests. In that case,ย ...
Marriott agrees to pay $52 million settlement, improve data security practices
The actions will settle investigations into security failures that led to overlapping data breaches affecting hundreds of millions of customers.
Marriott Agrees $52m Settlement for Massive Data Breach
The agreement with the US states settles allegations by the attorney generals that Marriott violated state consumer protection laws, personalย ...
Marriott International Similar Companies
Northland Properties
Recognized as one of Canada's fastest-growing hospitality, outdoor adventure and sports entertainment groups, we find our strength in our people and believe this is the foundation to our continued success. If you have a passion for taking care of people and creating unforgettable hospitality exper
Marriott Vacations Worldwide
Marriott Vacations Worldwideย encompasses a diverseย portfolio of businessesย โ and a distinctiveย family of brands. Innovation. Integrity. Excellence. This is our story. And while the company spans brands and businesses, decades and continents, our shared inspiration continues to drive us forward: de
Landry's
Landry's is a multinational, diversified restaurant, hospitality, gaming, and entertainment leader based in Houston, Texas. The company operates more than 600 establishments around the world, including well-known concepts, such as Landryโs Seafood House, Bubba Gump Shrimp Co., Rainforest Cafe, Mo
Club Med
Since it was founded in 1950 and it created the all-inclusive vacation concept, Club Med has been the world leader on its market, and has developed a resolutely upscale, friendly and multicultural spirit. Club Med boasts 70 resorts located in the most beautiful sites in the world, a cruise ship and
Hilton
Hilton (NYSE: HLT) is a leading global hospitality company with a portfolio of 24 world-class brands comprising more than 8,400 properties and over 1.25 million rooms, in 140 countries and territories. Dedicated to fulfilling its founding vision to fill the earth with the light and warmth of hospita
Hampton
The Hampton brand, including Hampton Inn, Hampton Inn & Suites and Hampton by Hilton, is an award-winning leader in the upper-midscale hotel segment. With more than 2,700 properties in 32 countries globally, Hampton is part of Hilton Worldwide, the leading global hospitality company. All Hampton Hot
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Marriott International CyberSecurity History Information
How many cyber incidents has Marriott International faced?
Total Incidents: According to Rankiteo, Marriott International has faced 4 incidents in the past.
What types of cybersecurity incidents have occurred at Marriott International?
Incident Types: The types of cybersecurity incidents that have occurred incidents Breach and Data Leak.
How does Marriott International detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures with Terminated relationship with the vendor, Offering credit monitoring services and third party assistance with Forensic firm and law enforcement notified with Yes and communication strategy with Affected individuals notified and third party assistance with Hired a third-party security firm to investigate the incident and communication strategy with Notified the affected individuals.
Incident Details
Can you provide details on each incident?
Incident : Data Breach
Title: Marriott International Data Breach
Description: Unauthorized access to information about certain associates through a vendor's network, compromising personal data including names, addresses, and Social Security numbers.
Date Publicly Disclosed: 2019-10-30
Type: Data Breach
Attack Vector: Unauthorized Access
Incident : Data Breach
Title: Marriott International Data Breach
Description: Hotel giant Marriott International suffered a data breach after an unknown person gained access to information about certain Marriott associates by accessing the network of an outside vendor formerly used by Marriott.
Type: Data Breach
Attack Vector: Access to vendor network
Threat Actor: Unknown
Incident : Data Breach
Title: Marriott International Data Breach
Description: Hotel giant Marriott International suffered a data breach after an unknown threat actor breached one of its properties and stole 20GB of files.
Type: Data Breach
Threat Actor: Unknown
Incident : Data Breach
Title: Data Breach at Marriott Hotel Chain
Description: A third attack against the hotel chain, Marriott, has resulted in yet another data breach. This is the second time this year that data has been stolen from the hotel firm. An employee at the BWI Airport Marriott in Baltimore stated that about 20GB of data, including credit card numbers and PII of visitors and employees, had been stolen. The hacking organisation requested a ransom from Marriott to keep the data they had obtained from being released, but the money was not paid.
Type: Data Breach
Motivation: Financial Gain
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Vendor network.
Impact of the Incidents
What was the impact of each incident?
Incident : Data Breach MAR327072925
Data Compromised: Names, Addresses, Social Security numbers
Incident : Data Breach MAR81730423
Data Compromised: Name, Address, Social Security number
Incident : Data Breach MAR13023722
Data Compromised: Internal business files, Credit card information
Incident : Data Breach MAR1318722
Data Compromised: Credit Card Numbers, PII
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Addresses, Social Security numbers, Personally Identifiable Information, Internal business files, Credit card information, Credit Card Numbers and PII.
Which entities were affected by each incident?
Incident : Data Breach MAR327072925
Entity Type: Corporation
Industry: Hospitality
Customers Affected: 1552
Response to the Incidents
What measures were taken in response to each incident?
Incident : Data Breach MAR327072925
Remediation Measures: Terminated relationship with the vendor, Offering credit monitoring services
Incident : Data Breach MAR81730423
Third Party Assistance: Forensic firm
Law Enforcement Notified: Yes
Communication Strategy: Affected individuals notified
Incident : Data Breach MAR13023722
Third Party Assistance: Hired a third-party security firm to investigate the incident
Communication Strategy: Notified the affected individuals
How does the company involve third-party assistance in incident response?
Third-Party Assistance: The company involves third-party assistance in incident response through Forensic firm, Hired a third-party security firm to investigate the incident.
Data Breach Information
What type of data was compromised in each breach?
Incident : Data Breach MAR327072925
Type of Data Compromised: Names, Addresses, Social Security numbers
Number of Records Exposed: 1552
Sensitivity of Data: High
Personally Identifiable Information: True
Incident : Data Breach MAR81730423
Type of Data Compromised: Personally Identifiable Information
Sensitivity of Data: High
Personally Identifiable Information: Name, Address, Social Security number
Incident : Data Breach MAR13023722
Type of Data Compromised: Internal business files, Credit card information
Data Exfiltration: 20GB of files
Incident : Data Breach MAR1318722
Type of Data Compromised: Credit Card Numbers, PII
Sensitivity of Data: High
Data Exfiltration: True
Personally Identifiable Information: True
What measures does the company take to prevent data exfiltration?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Terminated relationship with the vendor, Offering credit monitoring services.
Ransomware Information
Was ransomware involved in any of the incidents?
References
Where can I find more information about each incident?
Incident : Data Breach MAR327072925
Source: California Office of the Attorney General
Date Accessed: 2019-10-30
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2019-10-30.
Investigation Status
What is the current status of the investigation for each incident?
Incident : Data Breach MAR81730423
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through were Affected individuals notified and Notified the affected individuals.
Initial Access Broker
How did the initial access broker gain entry for each incident?
Incident : Data Breach MAR81730423
Entry Point: Vendor network
Post-Incident Analysis
What is the company's process for conducting post-incident analysis?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Forensic firm, Hired a third-party security firm to investigate the incident.
Additional Questions
General Information
What was the amount of the last ransom demanded?
Last Ransom Demanded: The amount of the last ransom demanded was True.
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident were an Unknown and Unknown.
Incident Details
What was the most recent incident publicly disclosed?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2019-10-30.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Addresses, Social Security numbers, Name, Address, Social Security number, Internal business files, Credit card information, Credit Card Numbers and PII.
Response to the Incidents
What third-party assistance was involved in the most recent incident?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Forensic firm, Hired a third-party security firm to investigate the incident.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names, Addresses, Social Security numbers, Name, Address, Social Security number, Internal business files, Credit card information, Credit Card Numbers and PII.
What was the number of records exposed in the most significant breach?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 157.0.
Ransomware Information
What was the highest ransom demanded in a ransomware incident?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was True.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Vendor network.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
