Marriott discloses data breach impacting up to 5.2 Million guests

Marriott disclosed a new security breach detected at the end of February 2020 that could impact up to 5.2 million of its guests.

Marriott International discloses a data breach that exposed the personal information of roughly 5.2 million hotel guests, the incident was detected at the end of February 2020.

“At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. We believe this activity started in mid-January 2020.” reads the data breach notification published by the company. “Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests.”

The following information may have been involved:

Contact Details (e.g., name, mailing address, email address, and phone number)
Loyalty Account Information (e.g., account number and points balance, but not passwords)
Additional Personal Details (e.g., company, gender, and birthday day and month)
Partnerships and Affiliations (e.g., linked airline loyalty programs and numbers)
Preferences (e.g., stay/room preferences and language preference)

The investigation is still ongoing, at the time Marriott confirmed that it is not aware of exposure of the information involved, such as Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.

Guests could check whether they have been impacted by the security breach by visiting the online portal set up by the company.

The company also disabled and forced the reset of the passwords of Marriott Bonvoy members impacted in the incident, it also prompted to enable multi-factor authentication.

Marriott is notifying affected individuals and it is offering them free identity protection services for one year.

In November 2018, the company announced that hackers compromised guest reservation database at its subsidiary Starwood hotels and stolen personal details of about 500 million guests.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Marriott, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.