Ransomware victim disclosure
← All victimsMarriott International Inc
Claimed by SilentRansomGroup · listed 1 year ago
Status timeline
- ListedMay 6, 2025
- Data leakeddate unknown
At a glance
- Group
- SilentRansomGroup
- Status
- Data leaked
- Country
- United States
- Sector
- Hospitality and Tourism
- Listed on leak site
- May 6, 2025
About the victim
AI dossier — public-source company profileMarriott International Inc is the world's largest hotel company by number of properties, operating, franchising, and licensing a diverse portfolio of hotel and timeshare brands across over 130 countries. The company manages over 7,600 properties globally with approximately 174,000 employees.
- Industry
- Hospitality & Hotel Management
- Address
- 10 Parkway, Bethesda, Maryland 20817, United States
- Employees
- 174000
- Founded
- 1927
Attack summary
Severity: critical — Marriott handles guest PII at massive scale (hundreds of millions of customers globally) and employee data across 174,000 staff. Confirmed data publication by threat actor indicates successful exfiltration of sensitive hospitality data with direct exposure to individuals' personal information, financial records, and potential identity theft vectors.SilentRansomGroup claims to have conducted an attack on Marriott International resulting in data exfiltration. The group has published data, indicating confirmed breach with information disclosure.
Data the group says was taken
AI dossier — extracted from the leak post- Guest personal information
- Employee records
- Financial data
- Operational systems data
- Reservation systems
What the group claims
Marriott International, Inc. operates, franchises, and licenses hotels and timeshare properties worldw…
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

