- Marriott has suffered another data breach in less than two years, this time affecting over 5.2 million people.
- Information including contact details, loyalty information, demographics, preferences, and partnership details were leaked.
- Affected guests have been contacted, and a portal has been set up to check if your account may have been compromised.
- Subscribe to the Gate Checked newsletter for daily travel and aviation updates.
Marriott is one again in the news for all the wrong reasons. The hotel chain has suffered yet another data breach less than two years after over 500 million guest details were leaked in a much larger hack. This occurrence is much smaller, affecting around 5.2 million guests.
According to their incident report, Marriott identified that two employee accounts were used to access the plethora of customer data.
“At the end of February 2020, [Marriott] identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. We believe this activity started in mid-January 2020. Upon discovery, [Marriott] confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests.”
From the release, the exposed data includes contact details, demographics, preferences, information about Bonvoy loyalty accounts, along with other details regarding linked airline loyalty programs and numbers. They claim that sensitive information was not tampered with, saying that they “have no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers,” but as the investigation is still ongoing, it may be too early to tell.
Are you affected?
Affected customers were contacted via their email address on file, but they have also set up a self-check portal which is available here. There are also a few phone numbers which can be used to reach out to them.
With any data breach, there are also some preventative measures you should take in the mean time. For starters, immediately change your passwords and enable two-factor authentication. Assuming this list does hit some kind of a black market, there are plenty scammers who may use social engineering and phishing to pretend that they are representing Marriott. Be aware of these scams, whether they be via email or a phone call. If available, look into getting some kind of credit monitoring, even though Marriott says payment details were not breached.
Back in 2018, Marriott suffered a much larger breach, where both Starwood Preferred Guest (SPG) account holders and its own customers and were affected, after 500 million records were accessed.