New data breach affects 5.2 million Marriott guests
GUESTS’ names, loyalty account information and other personal details may have been accessed in the second major data breach to hit Marriott in less than two years.
Marriott said Tuesday, March 31, 2020, approximately 5.2 million guests worldwide may have been affected. The information taken may have included names, addresses, phone numbers, birthdays, loyalty information for linked companies like airlines and room preferences.
Marriott said it’s still investigating but it doesn’t believe that credit card information, passport numbers or driver’s license information were accessed.
Marriott said it noticed an unexpected amount of guest information was accessed at the end of February using the login credentials of two employees at a franchised property. The company said it believes the activity began in the middle of January.
Marriott has disabled those logins and is assisting authorities in their investigation. The company didn’t say whether the employees whose logins were used were suspected.
In November 2018, Marriott announced a massive data breach in which hackers accessed information on as many as 383 million guests. In that case, Marriott said unencrypted passport numbers for at least 5.25 million guests were accessed, as well as credit card information for 8.6 million guests. The affected hotel brands were operated by Starwood before it was acquired by Marriott in 2016.
The Federal Bureau of Investigation led the investigation of that data theft, and investigators suspected the hackers were working on behalf of the Chinese Ministry of State Security, the rough equivalent of the Central Intelligence Agency.
Marriott said it has informed guests of the new data breach. The Bethesda, Maryland-based company is offering affected guests free enrollment in a personal information monitoring service for up to one year.