Marriott reveals another security breach: 5.2 million guests exposed

A Marriott International franchise property may have been the source of a data leak that compromised information on up to 5.2 million hotel guests, the company announced on Tuesday. The breach involved the login credentials belonging to two employees; the incident happened in mid-January and was discovered by Marriott in late February 2020. The intruder's access has since been disabled.

The latest breach

The security breach was discovered when Marriott found that 'an unexpected amount of guest information may have been accessed' using the two aforementioned compromised employee credentials. Those logins have since been disabled and the company has been investigating the security breach, as well as increasing its monitoring, it said on Tuesday.

If there's an element of good news regarding this latest Marriott data breach, it's that for now, at least, 'the company currently has no reason to believe' that certain vital guest details were accessed, including things like driver's license numbers, bank card info, PINs, passport data, or national ID information. Certain sensitive details were potentially exposed, however.

Going forward

Though the exact details that were compromised will vary based on the guest, Marriott says that the security breach involved things like gender, birth dates, work company, loyalty account points and numbers, email addresses, phone numbers, mailing addresses, and names.

Guests who were potentially impacted by this security breach will be emailed by Marriott starting today, March 31, the company said in its release. Customers can find a new portal dedicated to the issue here; it points guests toward a call center that can provide additional info, as well. Marriott is providing personal info monitoring to impacted customers, the details of which are in the emails.

Not the first time

This isn't the first time Marriott has faced a large security breach. In early 2019, for example, the company revealed that up to five million unencrypted passport numbers belonging to hotel guests had been exposed by its system. That breach involved the Starwood reservation system and impacted up to 383 million guests who stayed at one of the properties before September 11, 2018.

Of course, Marriott isn't the only hotel company that has faced these intrusions. In 2015, for example, Hilton Hotel suffered two different data breaches that exposed customer information; it received a $700,000 fine.