Wednesday, 1 April 2020

Major data breach at Marriott effects approximately 5.2 million guests

A major data breach at Marriott might affect up to 5.2 million guests the hospitality firm has confirmed today,.

The list of personal details that might have been breached is astounding and includes names, address - both email and postal, phone numbers, birthdays, gender, preferences and even details of any other linked loyalty programmes - like frequent flyer names and numbers.

At the moment the firm sats there is no reason to believe that Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers has been compromised, yet the investigation is still ongoing. 

How could such a massive data loss happen?  Well, hotels operated and franchised under Marriott’s brands use an application to help provide services to guests at hotels. Towards the end of February 2020, Marriott found out that an unexpected amount of guest information could have been accessed using the login credentials of two employees at a franchise property. According to the company's investigation, they believe this data harvesting started in mid-January 2020. 

Marriott says that as soon as it found out what was going on, it disabled the login details and immediately began an investigation.  It has since implemented heightened monitoring and arranged resources to inform and assist guests. 

The firm has now emailed all its guests that might have been involved to explain what happened and the measures it has since taken as well as steps those effected can consider taking.  It has also set up a dedicated website ( and call centre resources with additional information and information about enrolling in a personal information monitoring service that Marriott is providing.

Marriott seems to be adopting a rather cavalier in its attitude of this latest data breach, the press release contained no apology, no shred of sympathy, just the basic information and said it had insurance and "does not currently believe that its total costs related to this incident will be significant.".

This is not the first data breach affecting the Marriott brand, in November 2018 hackers accessed information on up to 383 million customers, some 8.6 million of those guests had their credit card numbers taken and a further 5.2 million had their passport numbers taken.  The Information Commissioner's Office issued a notice in July last year of its intention to fine Marriott International £99,200,396 for infringements of the General Data Protection Regulation (GDPR) that data hack caused. Marriott has been in negotiations with the ICO to greatly reduce the amount, which, is understood to still be being considered. 

Recommended for you...

No comments: