Marriott Reports Data Breach Affecting Up to 5.2 Million Guests! Marriott International today announced that in a data breach incident found at the end of February 2020, the personal information of approximately 5.2 million hotel guests was affected.
“At the end of February 2020, we noticed that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property,” the company said in a statement.
“We believe this activity started in mid-January 2020. Upon discovery, we immediately ensured the login credentials were disabled, began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests.” Marriott Reports Data Breach Affecting Up to 5.2 Million Guests!
While an investigation into this incident is underway, Marriott says there is currently no “reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.”
Marriott has set up an online self-service platform for guests who want to decide whether their information has been included in this data breach and, if so, what types of personal data have been included.
Additionally, members of Marriott Bonvoy who had their details potentially compromised in the incident had their passwords disabled and will be requested to change their password at the next login, as well as prompted to enable multi-factor authentication.
The following guest details may have been involved in the attack, in different combinations for each of the affected guests, according to Marriott:
• Contact details (e.g., name, mailing address, email address, and phone number)
• Loyalty Account Information (e.g., account number and points balance, but not passwords)
• Additional Personal Details (e.g., company, gender, and birthday day and month)
• Partnerships and Affiliations (e.g., linked airline loyalty programs and numbers)
• Preferences (e.g., stay/room preferences and language preference)
Marriott also offers affected guests the opportunity, free of charge for 1 year, to enroll in the IdentityWorks Personal Information Monitoring Program.
The organization has also alerted local authorities to the accident, and supports ongoing investigations.
This is Marriott’s second data breach in the last two years, as the company also revealed in November 2018 that it was compromising its Starwood Hotels guest reservation database.
As Marriott said at the time, signs of unauthorized access have been found to 2014, jeopardizing the personal details of about 339 million guest records worldwide.
Check out our services page to see how we can help you stay protected!