Additional Information Regarding Security of PBX Phone Systems


Franchisees | As communicated in May, there have been attacks on non-Marriott branded hotel PBX (phone) systems where the attacker was able to access the PBX by dialing into the attached modem and using the default administrator account and password (if the hotel had not changed the default administrator password).

Marriott Enterprise Security was recently contacted by one of our telecommunications partners regarding another industry-wide security event targeting the hospitality industry. Scammers are again gaining access to hotel PBX systems by using standard manufacturers’ privileged accounts and pass codes. In these recent cases, the scammers are then routing international calls through the phone system. This is a scam known as International Revenue Sharing Fraud.

While we have seen instances of this on Mitel PBX systems, franchised hotels are encouraged to take the following action regardless of which PBX system they use:

  • Contact your PBX vendor to determine if the pass codes for all privileged accounts have been changed to something other than the default.
  • Turn off the attached modem if it is not needed for an active support call.
  • Always review your long-distance charges. If there are fraudulent international charges, contact your long-distance carrier immediately.

For questions/concerns, contact the Marriott Security Network Operations Center. Note: Marriott-managed hotels have been addressed separately by Marriott’s IT teams. Any questions regarding Marriott-managed hotels in your portfolio should be directed to Telecom-Voice@marriott.com.

We appreciate your prompt action to address this important security issue.