Hotel chain Marriott disclosed a security breach that impacted more than 5.2 million hotel guests who used the company's loyalty app.
Hotels operated and franchised under Marriott’s brands use an application to help provide services to guests at hotels. At the end of February 2020, Marriott says it identified that "an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property." Marriott believes this activity started in mid-January 2020. Upon discovery, Marriott confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests.
Although Marriott's investigation is ongoing, the company currently has no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.
At this point, Marriott believes that the following information may have been involved, although not all of this information was present for every guest involved:
- Contact Details (e.g., name, mailing address, email address, and phone number)
- Loyalty Account Information (e.g., account number and points balance, but not passwords)
- Additional Personal Details (e.g., company, gender, and birthday day and month)
- Partnerships and Affiliations (e.g., linked airline loyalty programs and numbers)
- Preferences (e.g., stay/room preferences and language preference)
Marriott launched a web portal where the app's users can check if they're one of the 5.2 million users impacted by the security breach, and what data the hacker might have accessed.
This is the second security breach the hotel chain has disclosed. In November 2019, Marriott said that hackers gained access to the Starwood Hotels reservation system, from where they stole the personal details of more than 383 million hotel guests (revised from the initial figure of 500 million).