Skip to main content
photo of marriott hotel

Marriott Data Breach Investigation

Written by The Lyon Firm on . Posted in Data Breach.

Thank you for considering The Lyon Firm. At this time, we are not accepting plaintiffs related to this specific consumer issue. However, if you would like to be contacted in the future, please complete the contact form. By completing the form you will be contacted if the Firm begins accepting new cases on this matter, and you will also be included in firm news alerts related to important consumer safety and privacy issues to help keep you informed about related issues.

The Lyon Firm is actively involved in personal privacy and healthcare data theft cases and is currently investigating the Marriott data breach on behalf of data breach victims and plaintiffs nationwide.

Marriott recently confirmed that it suffered its second data breach of the year. The breach allegedly compromised 20 gigabytes of data including credit card details and personal information about guests and employees.

While this particular data breach may be a small scale attack, it underscores the threat of phishing scams and other social engineering network security attacks.

What is Social Engineering?

Social engineering scams simply manipulate an employee into sharing sensitive information, or infect their device with malware.

Security experts say human error is one of the biggest risks to an organization’s security. All it took to steal data from Marriott, for example, was for a scammer to manipulate one employee into handing over temporary access to their device.

In the course of a busy and stressful work day, many employees can make a mistake and inadvertently hand over login passwords or other exploitable info.

Phishing scams, when a hacker sends an email in an attempt to trick a user into clicking on a malware attachment, are also a form of social engineering attack. Social engineering attacks represent about a quarter of breaches in 2022.

Companies are urged to better handle future social engineering threats with security awareness training, which educates employees on phishing, social engineering and other manipulation attempts.