Marriott Hotels Company CyberSecurity Posture
MarriottHotels.com
With over 500 properties worldwide, Marriott Hotels has reimagined hospitality to exceed the expectations of business, group, and leisure travelers. Marriott Hotels, Marriott’s flagship brand of quality-tier, full-service hotels and resorts, provides consistent, dependable and genuinely caring experiences to guests on their terms. Marriott is a brilliant host to guests who effortlessly blend life and work, and who are inspired by how modern travel enhances them both. Our hotels offer warm, professional service; sophisticated yet functional guest room design; lobby spaces that facilitate working, dining and socializing; restaurants and bars serving international cuisine prepared simply and from the freshest ingredients; meeting and event spaces and services that are gold standard; and expansive, 24-hour fitness facilities.
Company Details
marriott_hotels_resorts
42,337
641,744
7211
MarriottHotels.com
0
MAR_3003810
In-progress
Marriott Hotels Risk Score (AI oriented)Between 750 and 799
Marriott Hotels Global Score (TPRM)XXXX
Description: A third attack against the hotel chain, Marriott, has resulted in yet another data breach. This is the second time this year that data has been stolen from the hotel firm. An employee at the BWI Airport Marriott in Baltimore stated that about 20GB of data, including credit card numbers and PII of visitors and employees, had been stolen. The hacking organisation requested a ransom from Marriott to keep the data they had obtained from being released, but the money was not paid.
No incidents recorded for Marriott Hotels in 2026.
No incidents recorded for Marriott Hotels in 2026.
No incidents recorded for Marriott Hotels in 2026.
Marriott Hotels cyber incidents detection timeline including parent company and subsidiaries
With over 500 properties worldwide, Marriott Hotels has reimagined hospitality to exceed the expectations of business, group, and leisure travelers. Marriott Hotels, Marriott’s flagship brand of quality-tier, full-service hotels and resorts, provides consistent, dependable and genuinely caring experiences to guests on their terms. Marriott is a brilliant host to guests who effortlessly blend life and work, and who are inspired by how modern travel enhances them both. Our hotels offer warm, professional service; sophisticated yet functional guest room design; lobby spaces that facilitate working, dining and socializing; restaurants and bars serving international cuisine prepared simply and from the freshest ingredients; meeting and event spaces and services that are gold standard; and expansive, 24-hour fitness facilities.
Founded in Germany in 1897, Kempinski Hotels has long reflected the finest traditions of European hospitality. Today, as ever, Kempinski is synonymous with distinctive luxury. Located in many of the world's most well-known cities and resorts, the Kempinski collection includes hotels in a grand mann
We are Accor We are more than 290,000 hospitality experts placing people at the heart of what we do, creating emotion for our guests, and nurturing passion for service and achievement beyond limits. Building on the strength of our teams and of our fully integrated ecosystem of leading brands, perso
Radisson Hotel Group is an international hotel group, operating in EMEA and APAC with over 1,320 hotels in operation and under development in +95 countries. The international hotel group is rapidly expanding with a plan to significantly grow the portfolio. The Group’s overarching brand promise is Ev
Minor Hotels is a global hospitality leader with over 560 hotels and resorts across six continents, a diverse portfolio of F&B businesses and a selection of luxury transportation services. With over four decades of experience, we build stronger brands, foster lasting partnerships, and drive business
Located in the heart of each destination we call home, a stay at any Fairmont hotel is truly unforgettable. Known for grand and awe-inspiring properties and thoughtful and engaging colleagues who aim to make each and every stay a cherished and memorable experience, we have been the stage for some of
IHG Hotels & Resorts [LON:IHG, NYSE:IHG (ADRs)] is a global hospitality company, with a purpose to provide True Hospitality for Good. With a family of 19 hotel brands and IHG One Rewards, one of the world's largest hotel loyalty programmes, IHG has over 6,300 open hotels in more than 100 countries,
Mandarin Oriental Hotel Group is the award-winning owner and operator of some of the world’s most luxurious hotels, resorts and residences. Having grown from its Asian roots into a global brand, the Group now operates 43 hotels, 12 residences and 23 exclusive homes in 26 countries and territories, w
Caesars Entertainment, Inc. is the largest casino-entertainment Company in the U.S. and one of the world's most diversified casino-entertainment providers. Since its beginning in Reno, NV, in 1937, Caesars Entertainment, Inc. has grown through development of new resorts, expansions and acquisitions.
Since it was founded in 1950 and it created the all-inclusive vacation concept, Club Med has been the world leader on its market, and has developed a resolutely upscale, friendly and multicultural spirit. Club Med boasts 70 resorts located in the most beautiful sites in the world, a cruise ship and
.png)
Ghana's banking sector has taken a major step toward strengthening its defences against rapidly escalating cyber threats, as top banking...
Safaricom Business on Friday hosted an exclusive cybersecurity breakfast session, bringing together over 50 senior IT and security...
Article - Marriott Focuses on AI and Cybersecurity in Technology Overhaul - Marriott International is implementing a digital transformation...
The multinational hospitality giant is building a model-agnostic chassis featuring an agentic layer.
Italy's digital agency (AGID) says a cybercriminal's claims concerning a spate of data thefts affecting various hotels across the country...
66% of hotel IT leaders expect more cyberattacks this summer. Learn why AI threats, deepfakes, and outdated security put guest data and...
Cybersecurity hospitality industry challenges grow as millions of travelers share sensitive data daily with hotels and travel services.
Cybersecurity is crucial for hotels and other hospitality businesses. Data breaches risk severe financial penalties and diminish customer trust, threatening...
High-profile incidents like the Marriott International breach and the recent Otelier cyberattack reveal the devastating risks for hoteliers and their guests.
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Marriott Hotels is http://www.MarriottHotels.com.
According to Rankiteo, Marriott Hotels’s AI-generated cybersecurity score is 779, reflecting their Fair security posture.
According to Rankiteo, Marriott Hotels currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Marriott Hotels has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
According to Rankiteo, Marriott Hotels is not certified under SOC 2 Type 1.
According to Rankiteo, Marriott Hotels does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Marriott Hotels is not listed as GDPR compliant.
According to Rankiteo, Marriott Hotels does not currently maintain PCI DSS compliance.
According to Rankiteo, Marriott Hotels is not compliant with HIPAA regulations.
According to Rankiteo,Marriott Hotels is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Marriott Hotels operates primarily in the Hospitality industry.
Marriott Hotels employs approximately 42,337 people worldwide.
Marriott Hotels presently has no subsidiaries across any sectors.
Marriott Hotels’s official LinkedIn profile has approximately 641,744 followers.
Marriott Hotels is classified under the NAICS code 7211, which corresponds to Traveler Accommodation.
Yes, Marriott Hotels has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/marriott-international.
Yes, Marriott Hotels maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/marriott_hotels_resorts.
As of January 21, 2026, Rankiteo reports that Marriott Hotels has experienced 1 cybersecurity incidents.
Marriott Hotels has an estimated 13,887 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Title: Data Breach at Marriott Hotel Chain
Description: A third attack against the hotel chain, Marriott, has resulted in yet another data breach. This is the second time this year that data has been stolen from the hotel firm. An employee at the BWI Airport Marriott in Baltimore stated that about 20GB of data, including credit card numbers and PII of visitors and employees, had been stolen. The hacking organisation requested a ransom from Marriott to keep the data they had obtained from being released, but the money was not paid.
Type: Data Breach
Motivation: Financial Gain
Common Attack Types: The most common types of attacks the company has faced is Breach.
Data Compromised: Credit card numbers, Pii
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Credit Card Numbers, Pii and .
Entity Name: Marriott
Entity Type: Hotel Chain
Industry: Hospitality
Location: Baltimore
Type of Data Compromised: Credit card numbers, Pii
Sensitivity of Data: High
Last Ransom Demanded: The amount of the last ransom demanded was True.
Most Significant Data Compromised: The most significant data compromised in an incident were Credit Card Numbers, PII and .
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were PII and Credit Card Numbers.
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was True.
.png)
SummaryA command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of `--commit-hash` to execute arbitrary commands on the system running Wrangler. Root causeThe commitHash variable, derived from user input via the --commit-hash CLI argument, is interpolated directly into a shell command using template literals (e.g., execSync(`git show -s --format=%B ${commitHash}`)). Shell metacharacters are interpreted by the shell, enabling command execution. ImpactThis vulnerability is generally hard to exploit, as it requires --commit-hash to be attacker controlled. The vulnerability primarily affects CI/CD environments where `wrangler pages deploy` is used in automated pipelines and the --commit-hash parameter is populated from external, potentially untrusted sources. An attacker could exploit this to: * Run any shell command. * Exfiltrate environment variables. * Compromise the CI runner to install backdoors or modify build artifacts. Credits Disclosed responsibly by kny4hacker. Mitigation * Wrangler v4 users are requested to upgrade to Wrangler v4.59.1 or higher. * Wrangler v3 users are requested to upgrade to Wrangler v3.114.17 or higher. * Users on Wrangler v2 (EOL) should upgrade to a supported major version.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rapid