Marriott discloses data breach impacting up to 5.2 Million guests

Marriott disclosed a new security breach detected at the end of February 2020 that could impact up to 5.2 million of its guests.

Marriott International discloses a data breach that exposed the personal information of roughly 5.2 million hotel guests, the incident was detected at the end of February 2020.

“At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. We believe this activity started in mid-January 2020.” reads the data breach notification published by the company. “Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests.”

The following information may have been involved:

• Contact Details (e.g., name, mailing address, email address, and phone number)
• Loyalty Account Information (e.g., account number and points balance, but not passwords)
• Additional Personal Details (e.g., company, gender, and birthday day and month)
• Partnerships and Affiliations (e.g., linked airline loyalty programs and numbers)
• Preferences (e.g., stay/room preferences and language preference)

The investigation is still ongoing, at the time Marriott confirmed that it is not aware of exposure of the information involved, such as Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.

Guests could check whether they have been impacted by the security breach by visiting the online portal set up by the company.

The company also disabled and forced the reset of the passwords of Marriott Bonvoy members impacted in the incident, it also prompted to enable multi-factor authentication.

Marriott is notifying affected individuals and it is offering them free identity protection services for one year.

In November 2018, the company announced that hackers compromised guest reservation database at its subsidiary Starwood hotels and stolen personal details of about 500 million guests.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Marriott, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]