Ransomware victim disclosure
← All victimsMarriott International
listed as marriott.com · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 7, 2025
- Data leakeddate unknown
At a glance
- Group
- LockBit
- Status
- Data leaked
- Country
- United States
- Sector
- Hospitality and Tourism
- Listed on leak site
- Dec 7, 2025
About the victim
AI dossier — public-source company profileMarriott International is one of the world's largest hospitality companies, operating and franchising over 9,000 hotels and resorts across more than 140 countries under 30+ brands including Marriott, Sheraton, Westin, and Ritz-Carlton. The company is headquartered in Bethesda, Maryland, and operates the Marriott Bonvoy loyalty program with hundreds of millions of members. It serves both leisure and business travelers across luxury, premium, and select service segments.
- Industry
- Hospitality & Hotel Management
- Address
- 7750 Wisconsin Avenue, Bethesda, Maryland 20814, United States
- Employees
- 120000
- Founded
- 1927
Attack summary
Severity: critical — Marriott International holds massive volumes of regulated PII including passport numbers, payment card data, and loyalty program records for hundreds of millions of global guests. A confirmed data_published status by a major ransomware group against one of the world's largest hotel chains constitutes a critical-severity incident given the scale of potential exposure of sensitive personal and financial data.LockBit claims to have attacked Marriott International, with the disclosure status marked as data_published, indicating exfiltration and/or publication of data. The leak post content is minimal and no specific data categories or ransom amount were stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Guest personal information
- Loyalty program (Marriott Bonvoy) member data
- Reservation records
- Payment card data
- Employee records
What the group claims
Book Directly & Save at any of our 9000+ Marriott Bonvoy Hotels. Choose from Luxury Hotels, Reso...
Sources
- Victim sitemarriott.com
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

