In its second information breach in three years, global hospitality chain Marriott, has had the personal information of 5.2 million guests stolen from its system. The hotel chain announced that it is notifying the guests of the incident, the information stolen, the assistance it is offering and the steps the guests themselves may consider taking.
The breach was discovered by the company in late February while those behind the breach gained access to the data mid-January onwards. Hotels franchised and operated under Marriott’s brand use an application to aid the services provided to the guests. The breach was uncovered when the company identified the access of an unexpected amount of guest information through the application using login credentials of certain employees at a franchise.
The company believes that the accessed information includes contact details, loyalty account information, partnerships & affiliations and guests’ general preferences of language, type of room etc. Marriott currently has no reason to believe that information accessed includes Marriot Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or drivers licence numbers.
Marriott confirmed that upon discovery of the breach, the logins used in the breach were disabled. Investigation aided by relevant authorities immediately began coupled with heightened monitoring. While guests are now being contacted and informed through e-mails, Marriott has set up a dedicated website and call centre resources to ensure easy access of information for the guests involved.
The breach this time was less severe, as Marriott believes senstive information such as passwords and credit card info wasn’t stolen.
In a previous breach a couple of years ago, five million unencrypted passport numbers and eight million credit card records were found by hackers and stolen. Then in 2018, the central reservation system was hacked into at Starwood, a subsidiary of Marriott. The breach exposed the personal data and guest records on 383 million guests. The hotel giant was subjected to a fine of $123 million from the European authorities.