Marriott Reveals Data Breach That Could Have Impacted 5.2 Million Customers

Marriott International on Tuesday announced a data breach incident that could have put the data of up to 5.2 million guests at risk. The company believed that the hack began in January this year. To notify some of its customers, Marriott sent an email containing a notice that explains about the scope of the issue. It also established a dedicated website and call centre resources to help impacted users. This is notably the second time in nearly the last 16 months when Marriott customers have faced a hack as the company previously reported an incident affecting up to 500 million customer records in December 2018.

An unexpected amount of guest information was accessed using the login credentials of two employees at a franchise property. While Marriott identified the incident at the end of February, the hack is believed to have started in the middle of January.

“Upon discovery, the company confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests. Marriott also notified relevant authorities and is supporting their investigations,” the company said in a press statement.

Marriott noted that compromised information of its customers may include their contact details, loyalty account information, additional personal details such as gender, birthday day and month, and room as well as language preferences among others. It is also likely that the hackers would have details about clients' partnerships and affiliations such as linked airline loyalty programmes and account numbers. Furthermore, the company has disabled existing passwords of customers using its loyalty programme Marriott Bonvoy.

In addition to detailing the scope of the breach, Marriott sent the email to its customers that included the details of its dedicated website and call centre resources to provide additional information for the affected guests. The company is also offering free enrolment on the personal information service IdentityWorks for one year through which customers can identify information that they would like to get monitored by the service. However, it is limited to markets such as Australia, Brazil, Canada, Germany, Hong Kong, India, Spain, the United Kingdom, and the United States.

Marriott additionally warned its clients to be vigilant against potential “phishing” emails and communications that appear to be sent from the company's email addresses and ask for important details such as payment cards and bank account numbers.

It is unclear whether the impact of the latest breach is limited to certain markets or customers across the globe. Gadgets 360 has reached out to Marriott for details and will update this space as and when the company responds.

In December 2018, Marriott had announced that some hackers gained access to up to 500 million client records in its Starwood Hotels reservation system. That was the result of an attack that began back in 2014 and impacted not just its clients but also the company that has 30 brands along with over 7,000 properties in 131 countries globally.