Marriott International
| Primary URL | Location | Industry | www[.]marriott[.]com |
Country
United States of America
|
Hospitality & Leisure
|
|---|
Profile
Marriott International operates as a global hospitality company, owning, managing, and franchising hotels and resorts under multiple brands. It provides lodging accommodations, food and beverage services, meeting and event spaces, and travel-related amenities to guests. Its headquarters is located in the United States of America. The company serves a diverse market that includes business travelers, leisure tourists, and groups such as airline crews. It also offers loyalty programs that track guest preferences and travel history.
The organization's size is reflected in incidents that have impacted millions of guests, such as the 2020 breach affecting approximately 5.2 million individuals and the 2014 incident compromising data of around 500 million guests. These figures indicate a substantial global presence and a large customer base across numerous countries. Marriott's operations include both owned properties and franchised locations, as well as subsidiaries like Starwood Hotels prior to integration. The company's reach extends to airport hotels, as seen in the 2022 incidents at BWI and Maryland airport properties.
Marriott has demonstrated a focus on maintaining loyalty program data and guest preferences, which are frequent targets in cyberattacks. It has faced repeated social engineering attacks aimed at employees, leading to unauthorized access and data exfiltration. The company has responded to breaches by notifying affected individuals, engaging law enforcement, and providing identity protection services without paying ransoms. Marriott's corporate structure includes external vendors that handle sensitive associate information, as shown by the 2019 vendor-related exposure. The organization has also been targeted by state‑aligned groups such as the Winnti malware campaign and the GNN threat actor, highlighting its attractiveness to espionage actors. These incidents underscore the importance of robust security measures for protecting both guest and associate data across its distributed environment.