Marriott says a security breach may have exposed the personal information of 5.2 million guests. This marks Marriott’s second data breach in recent years, following a breach in 2018.
Personal information such as names, birthdates, and phone numbers may have been taken in the breach, along with language preferences and loyalty account numbers, Marriott says. Although an investigation is still in progress, Marriott said there is “no reason” to believe that payment information was leaked.
Marriott says it discovered in late February that an unspecified hotel chain’s system had been compromised, and guest information may have been examined by hackers that acquired the login credentials of two Marriott employees. The company has reason to believe that the activity began as early as mid-January.
Marriott said it has notified guests whose information may have been taken via email and launched a dedicated website containing resources for those affected. The company is providing a personal information monitoring service to guests whose information may have been stolen.
In late 2018, the hotel giant disclosed another data breach, which impacted up to 500 million guests that stayed at its subsidiary, Starwood, which the company acquired in 2016. Marriott said the data breach compromised 327 million records, including personal information such as mailing addresses and passport numbers. UK authorities fined Marriott $123 million last year.