Marriott International has released information about another data breach that has involved approximately 5.2 million guests. Marriott is reporting that guests contact details including names, mailing addresses, email addresses, and phone numbers; loyalty account information that includes account number and points balance, but not passwords; additional personal details that include company, gender, and birthday day and month; partnerships and affiliations that include linked airline loyalty programs and numbers; and preferences that include stay/room preferences and language preference.
Marriott has sent emails to guests involved and has also set up a dedicated website and call center resources with additional information for guests. Call center phone numbers are posted on the website.
According to Marriott’s statement, “The company believes that this activity started in mid-January 2020. Upon discovery, the company confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests. Marriott also notified relevant authorities and is supporting their investigations.”
Although Marriott’s investigation is ongoing, the company currently has no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.
The company also reports that it carries insurance, including cyber insurance, commensurate with its size and the nature of its operations, and the company is working with its insurers to assess coverage. The company does not currently believe that its total costs related to this incident will be significant.