Another Marriott Data Breach Exposes 5.2 Million Bonvoy Members

Advertiser Disclosure Editorial Disclosure

Last updated on August 13th, 2020

The Marriott data breach announced in Nov. 2018 was one of the largest in history. The hack on a Starwood hotel compromised 500 million customers’ highly sensitive data, including passport and credit card information. Almost a year later in Oct. 2019, the company was hit again on a much smaller scale, exposing the records of over 1,500 employees.  Now, in perhaps one of the most chaotic months the world has experienced in years, Marriott has announced another significant breachThis latest instance doesn’t quite match the scale and severity of the 2018 hack, but 5.2 million members of the Bonvoy Marriott program were still affected. 

Details of the Marriott Data Breach

Marriott traced the breach back to mid-January 2020, just before news of the coronavirus really began to spread. Upon investigation, it seems the credentials of two employees were used to access an unusual amount of customer details. It’s not yet clear if these credentials were stolen. Fortunately, the information exposed was not nearly as sensitive as that of the previous attack, though it did include customers’: 

  • Personal details, such as names, genders, and birthdays 
  • Contact information, such as phone numbers, home addresses, and email addresses 
  • Loyalty information, such as room preferences and Marriott Bonvoy points balances 
  • Other affiliations, such as frequent flyer programs 

The company didn’t detect the breach until the end of February, likely consumed by the mounting pandemic and its effects on Marriott hotels and stocksThis leaves open the likelihood that the breach continued for weeks before the company suspended the credentials and began investigating. Related article: Updated Hotel Cancellation Policies During Coronavirus Outbreak As of now, no passwords, passport details, or credit card numbers appear to be compromised. According to Marriott’s press releasehowever, the investigation is still ongoing. 

How to Know If You Were Exposed in the Marriott Hack

On Mar. 31, Marriott sent out emails to those it believes were affected, from marriott@email-marriott.com. Guests can also use the self-service portal to verify what information, if any, was compromised. As an added precaution, the company also reset the Marriott Bonvoy membership passwords for those who were exposed, including those who hold one of the Marriott Bonvoy credit cardsUpon logging in, these members will be able to: 

  • Update their passwords 
  • Set up multi-factor authentication 
  • Sign up for 1 year of free personal information monitoring services, where available 

About: Leesa
Leesa Love

Leesa is a credit card explorer for BestCards.com. While not spelunking for APRs and hidden fees, she's most likely listening to a podcast or working on a superfluous DIY project.

Advertiser Disclosure

BestCards is an independent, Florida-based credit card comparison platform. Many of the card offers that appear on this site are from companies from which BestCards receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear). BestCards does not include all card companies or all card offers available in the marketplace.

Get the Best Credit Card Content in Your Inbox

Sign up for our newsletter to receive the latest credit card articles and news so you can stay on top of your financial wellbeing.