Marriott will have to email and notify up to 5.2 million of their guests of a possible data breach, according to The Verge. This is Marriott’s second data breach in the space of two years. The hotel chain announced another data breach in late 2018, which affected up to 500 million guests staying at its subsidiary, Starwood. Marriott said 327 million records were compromised by the data breach, including personal details such as email addresses and passport numbers. U.K. authorities last year fined Marriott $123 million.
The breach is believed to have come from an application at a franchise property which helps provide services to guests and that service was compromised. Marriott says that it identified “an unexpected amount of guest information” may have been accessed using the login credentials of two employees over the course of about two months. The information was accessed from mid January through the end of February. The breach may have taken personal details such as names, birthdates, and telephone numbers, along with language preferences, and loyalty card numbers, Marriott says.
Marriott disabled the login credentials upon discovery of the activity and states they are launching their own internal investigation into the matter. The company notified the authorities and also stated they themselves are implementing heightened monitoring and security measures. Marriott said it contacted guests whose details may have been obtained via email and launched a dedicated website with resources for the affected. The company offers a program for the tracking of personal information to visitors whose details could have been stolen.
While the investigation is still going on Marriott has told guests and employees that there is no reason for them to believe that any financial information or payment details were maliciously obtained. If the group has determined that a Marriott Bonvoy member’s information was involved, it has disabled the existing password and prompted the guest to enable two-factor authentication to further protect their accounts.
The email and website dedicated to helping those affected will outline a list of steps guests and users can take to ensure their information is secure. Marriott is also offering a free year of service of data and PII monitoring for all customers impacted. If you’ve stayed at a Marriott anytime in the recent past, make sure you check your emails because as always the best security for your data is yourself. Implement two-factor authentication always and be weary of what information you give out to companies.