Marriott data breach exposes personal data of 5.2 million guests

The hotel chain has notified guests of a second massive data breach within 18 months

Marriott hotel sign

Marriott has informed 5.2 million guests that their personal details were inappropriately accessed in a possible data breach.

Related Resource

How enterprises are embracing cyber security challenges

Enterprises across Europe, the Middle East and Africa are undergoing a significant transformation

Download now

Contacts details, loyalty account information, company, gender, birthday, partnerships and affiliations and room preferences were among guests’ details accessed between mid-January and February 2020. 

Marriott said this unexpected amount of information was accessed using the login credential of two employees with an application built to provide guest services.

When the firm learned of this activity, the login credentials were disabled, and the company began an investigation, before raising the level of monitoring and arranging resources to inform and assist guests.

“Although our investigation is ongoing, we currently have no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers,” Marriott said.

“If you are uncertain whether your information was involved in the incident, we have set up a self-service online portal for guests to be able to determine whether their information was involved and, if so, what categories of information were involved.”

This is the second major data breach involving the hotel chain after the company was fined £99 million for an incident involving 339 million guests

Marriott revealed in November 2018 that an unknown third-party had gained access to its Starwood guest reservation system by exploiting an unpatched vulnerability from 2014.

Although the number of guests affected by this second data breach represents a fraction of those hit by the 2018 breach, the fact that Marriott is admitting to the second breach in a short space of time should come as a concern.

It’s unclear where the users affected were based, and whether any UK-based guests were affected by the breach. Should UK citizens have been affected, it’s likely the Information Commissioner's Office (ICO) will take a tough stance on the hotel chain, having already issued one massive notice to fine under GDPR rules only last year.

Marriott has said it’s providing guests involved with information about steps they can take, including enrolling into an online information monitoring service provided by IdentityWorks. The firm has also set up a dedicated website and call centre.

Featured Resources

Humility in AI: Building trustworthy and ethical AI systems

How humble AI can help safeguard your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Leadership compass: Privileged Access Management

Securing privileged accounts in a high-risk environment

Download now

Why you need to include the cloud in your disaster recovery plan

Preserving data for business success

Download now

Recommended

Data: A resource much too valuable to leave unprotected
Whitepaper

Data: A resource much too valuable to leave unprotected

2 Dec 2020
Webhose and Signal Corp boost data breach detection
Security

Webhose and Signal Corp boost data breach detection

7 Oct 2020
ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
The NHS teams up with Apple and Google on coronavirus tracking app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020

Most Popular

350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
Samsung Galaxy Note might be discontinued in 2021
Mobile Phones

Samsung Galaxy Note might be discontinued in 2021

1 Dec 2020