Last updated on August 13th, 2020
The Marriott data breach announced in Nov. 2018 was one of the largest in history. The hack on a Starwood hotel compromised 500 million customers’ highly sensitive data, including passport and credit card information. Almost a year later in Oct. 2019, the company was hit again on a much smaller scale, exposing the records of over 1,500 employees. Now, in perhaps one of the most chaotic months the world has experienced in years, Marriott has announced another significant breach. This latest instance doesn’t quite match the scale and severity of the 2018 hack, but 5.2 million members of the Bonvoy Marriott program were still affected.
Details of the Marriott Data Breach
Marriott traced the breach back to mid-January 2020, just before news of the coronavirus really began to spread. Upon investigation, it seems the credentials of two employees were used to access an unusual amount of customer details. It’s not yet clear if these credentials were stolen. Fortunately, the information exposed was not nearly as sensitive as that of the previous attack, though it did include customers’:
- Personal details, such as names, genders, and birthdays
- Contact information, such as phone numbers, home addresses, and email addresses
- Loyalty information, such as room preferences and Marriott Bonvoy points balances
- Other affiliations, such as frequent flyer programs
The company didn’t detect the breach until the end of February, likely consumed by the mounting pandemic and its effects on Marriott hotels and stocks. This leaves open the likelihood that the breach continued for weeks before the company suspended the credentials and began investigating. Related article: Updated Hotel Cancellation Policies During Coronavirus Outbreak As of now, no passwords, passport details, or credit card numbers appear to be compromised. According to Marriott’s press release, however, the investigation is still ongoing.
How to Know If You Were Exposed in the Marriott Hack
On Mar. 31, Marriott sent out emails to those it believes were affected, from firstname.lastname@example.org. Guests can also use the self-service portal to verify what information, if any, was compromised. As an added precaution, the company also reset the Marriott Bonvoy membership passwords for those who were exposed, including those who hold one of the Marriott Bonvoy credit cards. Upon logging in, these members will be able to:
- Update their passwords
- Set up multi-factor authentication
- Sign up for 1 year of free personal information monitoring services, where available