Marriott International published a statement announcing a data breach of its hotel guests' information, including demographics and contact details.
The company estimates “up to approximately” 5.2 million customers are impacted by the leak, but the investigation remains ongoing.
"At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property," Marriott news center said. "We believe this activity started in mid-January 2020. Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests."
The full list of information that was accessed could include:
- Customer names, addresses, phone numbers and email addresses
- Loyalty account numbers and point values
- Linked loyalty accounts' information (for example, airline loyalty accounts)
- Personal information such as birthday, gender, language and room preferences
»MORE: Marriott Starwood data breach: 3 things you should do to protect your privacy today
This breach comes two years after Marriott suffered a data breach in 2018 that impacted more than 300 million users and contained even more sensitive information, including passport and driver's license numbers, Verdict UK reported.
Marriott was fined £99 million ($123 million in U.S.) in 2019 under the European Union’s General Data Protection Regulation.
"A second attack is usually guaranteed after a breach of this scale but it is rare that threat actors actually gain entry a second time. This is usually because targeted businesses bolster extra layers of protection where they can. Victims usually enter an underground 'suckers list' but it just adds embarrassment if they struck a further time." —Jake Moore, cybersecurity specialist at ESET, via Verdict
Marriott is contacting impacted customers, but members can check to see next steps on the customer support website.
Additionally, guests can take advantage of a personal information monitoring service for free for one year through IdentityWorks with a code you can claim by email.
Marriott said it has notified relevant authorities and is supporting the investigation.
»MORE: Hilton, MGM join Marriott in furloughing tens of thousands of employees without pay
About the Author
