Marriott Hotels Company Cyber Security Posture
marriott.comWith over 500 properties worldwide, Marriott Hotels has reimagined hospitality to exceed the expectations of business, group, and leisure travelers. Marriott Hotels, Marriottโs flagship brand of quality-tier, full-service hotels and resorts, provides consistent, dependable and genuinely caring experiences to guests on their terms. Marriott is a brilliant host to guests who effortlessly blend life and work, and who are inspired by how modern travel enhances them both. Our hotels offer warm, professional service; sophisticated yet functional guest room design; lobby spaces that facilitate working, dining and socializing; restaurants and bars serving international cuisine prepared simply and from the freshest ingredients; meeting and event spaces and services that are gold standard; and expansive, 24-hour fitness facilities.
Marriott Hotels Company Details
marriott_hotels_resorts
39794 employees
621648.0
721
Hospitality
marriott.com
Scan still pending
MAR_3003810
In-progress
Marriott Hotels Risk Score (AI oriented)Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
Marriott Hotels Global Score.png)
Marriott Hotels Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
Marriott Hotels Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| Marriott Hotels | Breach | 100 | 5 | 07/2022 | MAR1318722 | Link | |
Rankiteo Explanation : Attack threatening the organization's existenceDescription: A third attack against the hotel chain, Marriott, has resulted in yet another data breach. This is the second time this year that data has been stolen from the hotel firm. An employee at the BWI Airport Marriott in Baltimore stated that about 20GB of data, including credit card numbers and PII of visitors and employees, had been stolen. The hacking organisation requested a ransom from Marriott to keep the data they had obtained from being released, but the money was not paid. | |||||||
| Marriott International | Breach | 80 | 4 | 06/2022 | MAR13023722 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Hotel giant Marriott International suffered a data breach after an unknown threat actor breached one of its properties and stole 20GB of files. The hackers stole 20GB worth of documents containing non-sensitive internal business files and some credit card information. Marriott hired a third-party security firm to investigate the incident and notified the affected individuals. | |||||||
| Marriott International, Inc. | Breach | 60 | 3 | 9/2019 | MAR327072925 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: The California Office of the Attorney General reported on October 30, 2019, that Marriott International, Inc. experienced a data breach involving 1,552 California residents. The breach was caused by unauthorized access to information about certain associates through a vendor's network, compromising personal data including names, addresses, and Social Security numbers. Marriott has terminated its relationship with the vendor and is offering credit monitoring services. | |||||||
| Marriott International | Data Leak | 60 | 3 | 09/2019 | MAR81730423 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: Hotel giant Marriott International suffered a data breach after an unknown person gained access to information about certain Marriott associates by accessing the network of an outside vendor formerly used by Marriott. Marriott immediately confirmed that the vendor was taking appropriate to steps to investigate the incident. The vendor reported that it was working with a forensic firm and had notified law enforcement. This incident did not impact the security of Marriottโs internal HR systems or platforms. The information in the document received by this vendor that contains your information includes your name, address, and Social Security number. Marriott hired a third-party security firm to investigate the incident and notified the affected individuals. | |||||||
Marriott Hotels Company Subsidiaries
With over 500 properties worldwide, Marriott Hotels has reimagined hospitality to exceed the expectations of business, group, and leisure travelers. Marriott Hotels, Marriottโs flagship brand of quality-tier, full-service hotels and resorts, provides consistent, dependable and genuinely caring experiences to guests on their terms. Marriott is a brilliant host to guests who effortlessly blend life and work, and who are inspired by how modern travel enhances them both. Our hotels offer warm, professional service; sophisticated yet functional guest room design; lobby spaces that facilitate working, dining and socializing; restaurants and bars serving international cuisine prepared simply and from the freshest ingredients; meeting and event spaces and services that are gold standard; and expansive, 24-hour fitness facilities.
Access Data Using Our API
Get company history
Rapid.png)
Marriott Hotels Cyber Security News
Marriott Gets $52 Million Slap On Wrist For Breaches Due To โLax Securityโ
Marriott has agreed to pay $52 million in a settlement with the FTC for its failure to keep customers' data safe. getty. M arriott continues toย ...
FTC settles yearslong investigation into Marriottโs โsecurity failuresโ
The federal agency alleges Marriott and Starwood failed to implement appropriate password controls, access controls, firewall controls orย ...
Finalized FTC Order Demands Marriott and Starwood Implement a Robust Data Security Program Within 180 Days
The Federal Trade Commission (FTC) has finalized an order directing Marriott International and its subsidiary Starwood Hotels & Resortsย ...
Marriott will pay $52M, improve cybersecurity to settle multiple data breaches
The FTC complaint alleges Marriott failed to do multiple things, including implementing appropriate password control, patching outdated softwareย ...
FTC orders Marriott to pay $52M and enhance security practices
The U.S. Federal Trade Commission ordered Marriott International Inc. to bolster its inadequate security program and pay a $52 million penaltyย ...
Marriott agrees to pay $52 million, beef up data security to resolve probes over data breaches
In November 2018, Marriott announced a massive data breach in which hackers accessed information on as many as 383 million guests. In that case,ย ...
Marriott agrees to pay $52 million settlement, improve data security practices
The actions will settle investigations into security failures that led to overlapping data breaches affecting hundreds of millions of customers.
Marriott Agrees $52m Settlement for Massive Data Breach
The agreement with the US states settles allegations by the attorney generals that Marriott violated state consumer protection laws, personalย ...
Marriott & Starwood Face $52M Settlement After Security Breaches
Marriott and its subsidiary Starwood Hotels have agreed to pay $52 million in fines and create a revamped information security program,ย ...
Marriott Hotels Similar Companies
Delaware North
Delaware North is a global leader in the hospitality and entertainment industry. The company annually serves more than a half-billion guests across three continents, including at high-profile sports venues, airports, national and state parks, restaurants, resorts, hotels and casinos. Building on mor
Club Med
Since it was founded in 1950 and it created the all-inclusive vacation concept, Club Med has been the world leader on its market, and has developed a resolutely upscale, friendly and multicultural spirit. Club Med boasts 70 resorts located in the most beautiful sites in the world, a cruise ship and
Marriott Vacations Worldwide
Marriott Vacations Worldwideย encompasses a diverseย portfolio of businessesย โ and a distinctiveย family of brands. Innovation. Integrity. Excellence. This is our story. And while the company spans brands and businesses, decades and continents, our shared inspiration continues to drive us forward: de
Hampton
The Hampton brand, including Hampton Inn, Hampton Inn & Suites and Hampton by Hilton, is an award-winning leader in the upper-midscale hotel segment. With more than 2,700 properties in 32 countries globally, Hampton is part of Hilton Worldwide, the leading global hospitality company. All Hampton Hot
Shangri-La Group
Headquartered in Hong Kong SAR, the Shangri-La Group has grown from a single hotel business to a diverse and integrated global portfolio comprising quality real estate and investment properties, wellness and lifestyle facilities. Today, the Group owns, operates and manages 100+ hotels under our fami
Rotana Hotel Management Corporation PJSC
Since inception, Rotana has grown to be the regionโs largest hospitality management company, and a brand that is widely recognized and admired. Rotana currently manages a portfolio of over 100 properties throughout the Middle East, Africa, Eastern Europe and Tรผrkiye offering a wide range of servic
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Marriott Hotels CyberSecurity History Information
How many cyber incidents has Marriott Hotels faced?
Total Incidents: According to Rankiteo, Marriott Hotels has faced 4 incidents in the past.
What types of cybersecurity incidents have occurred at Marriott Hotels?
Incident Types: The types of cybersecurity incidents that have occurred incidents Data Leak and Breach.
How does Marriott Hotels detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures with Terminated relationship with the vendor, Offering credit monitoring services and third party assistance with Forensic firm and law enforcement notified with Yes and communication strategy with Affected individuals notified and third party assistance with Hired a third-party security firm to investigate the incident and communication strategy with Notified the affected individuals.
Incident Details
Can you provide details on each incident?
Incident : Data Breach
Title: Marriott International Data Breach
Description: Unauthorized access to information about certain associates through a vendor's network, compromising personal data including names, addresses, and Social Security numbers.
Date Publicly Disclosed: 2019-10-30
Type: Data Breach
Attack Vector: Unauthorized Access
Incident : Data Breach
Title: Marriott International Data Breach
Description: Hotel giant Marriott International suffered a data breach after an unknown person gained access to information about certain Marriott associates by accessing the network of an outside vendor formerly used by Marriott.
Type: Data Breach
Attack Vector: Access to vendor network
Threat Actor: Unknown
Incident : Data Breach
Title: Marriott International Data Breach
Description: Hotel giant Marriott International suffered a data breach after an unknown threat actor breached one of its properties and stole 20GB of files.
Type: Data Breach
Threat Actor: Unknown
Incident : Data Breach
Title: Data Breach at Marriott Hotel Chain
Description: A third attack against the hotel chain, Marriott, has resulted in yet another data breach. This is the second time this year that data has been stolen from the hotel firm. An employee at the BWI Airport Marriott in Baltimore stated that about 20GB of data, including credit card numbers and PII of visitors and employees, had been stolen. The hacking organisation requested a ransom from Marriott to keep the data they had obtained from being released, but the money was not paid.
Type: Data Breach
Motivation: Financial Gain
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Vendor network.
Impact of the Incidents
What was the impact of each incident?
Incident : Data Breach MAR327072925
Data Compromised: Names, Addresses, Social Security numbers
Incident : Data Breach MAR81730423
Data Compromised: Name, Address, Social Security number
Incident : Data Breach MAR13023722
Data Compromised: Internal business files, Credit card information
Incident : Data Breach MAR1318722
Data Compromised: Credit Card Numbers, PII
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Addresses, Social Security numbers, Personally Identifiable Information, Internal business files, Credit card information, Credit Card Numbers and PII.
Which entities were affected by each incident?
Incident : Data Breach MAR327072925
Entity Type: Corporation
Industry: Hospitality
Customers Affected: 1552
Response to the Incidents
What measures were taken in response to each incident?
Incident : Data Breach MAR327072925
Remediation Measures: Terminated relationship with the vendor, Offering credit monitoring services
Incident : Data Breach MAR81730423
Third Party Assistance: Forensic firm
Law Enforcement Notified: Yes
Communication Strategy: Affected individuals notified
Incident : Data Breach MAR13023722
Third Party Assistance: Hired a third-party security firm to investigate the incident
Communication Strategy: Notified the affected individuals
How does the company involve third-party assistance in incident response?
Third-Party Assistance: The company involves third-party assistance in incident response through Forensic firm, Hired a third-party security firm to investigate the incident.
Data Breach Information
What type of data was compromised in each breach?
Incident : Data Breach MAR327072925
Type of Data Compromised: Names, Addresses, Social Security numbers
Number of Records Exposed: 1552
Sensitivity of Data: High
Personally Identifiable Information: True
Incident : Data Breach MAR81730423
Type of Data Compromised: Personally Identifiable Information
Sensitivity of Data: High
Personally Identifiable Information: Name, Address, Social Security number
Incident : Data Breach MAR13023722
Type of Data Compromised: Internal business files, Credit card information
Data Exfiltration: 20GB of files
Incident : Data Breach MAR1318722
Type of Data Compromised: Credit Card Numbers, PII
Sensitivity of Data: High
Data Exfiltration: True
Personally Identifiable Information: True
What measures does the company take to prevent data exfiltration?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Terminated relationship with the vendor, Offering credit monitoring services.
Ransomware Information
Was ransomware involved in any of the incidents?
References
Where can I find more information about each incident?
Incident : Data Breach MAR327072925
Source: California Office of the Attorney General
Date Accessed: 2019-10-30
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2019-10-30.
Investigation Status
What is the current status of the investigation for each incident?
Incident : Data Breach MAR81730423
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through were Affected individuals notified and Notified the affected individuals.
Initial Access Broker
How did the initial access broker gain entry for each incident?
Incident : Data Breach MAR81730423
Entry Point: Vendor network
Post-Incident Analysis
What is the company's process for conducting post-incident analysis?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Forensic firm, Hired a third-party security firm to investigate the incident.
Additional Questions
General Information
What was the amount of the last ransom demanded?
Last Ransom Demanded: The amount of the last ransom demanded was True.
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident were an Unknown and Unknown.
Incident Details
What was the most recent incident publicly disclosed?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2019-10-30.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Addresses, Social Security numbers, Name, Address, Social Security number, Internal business files, Credit card information, Credit Card Numbers and PII.
Response to the Incidents
What third-party assistance was involved in the most recent incident?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Forensic firm, Hired a third-party security firm to investigate the incident.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names, Addresses, Social Security numbers, Name, Address, Social Security number, Internal business files, Credit card information, Credit Card Numbers and PII.
What was the number of records exposed in the most significant breach?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 157.0.
Ransomware Information
What was the highest ransom demanded in a ransomware incident?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was True.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Vendor network.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
