Another One? Marriott’s 2nd Major Data Breach Affects 5.2 Million
Meg Butler March 31, 2020
Did you have trouble logging into your Marriott Bonvoy account today? If you did, you may be one of the 5.2 million Marriott customers impacted by its second major breach.
Marriott’s first data breach happened just over a year ago, in January of 2019. One of the world’s biggest data breaches ever, it affected an estimated 500 million. This breach is much smaller, but two major data breaches this close together is never a great look for a major corporation.
So far, it looks like only those who are on Marriott’s targeted promotions list. If you did not get an email, it is likely that your account was not affected (but it couldn’t hurt to change your password anyway).
Here’s the email that went out:
Dear Valued Guest,
We are writing to let you know that some of your information may have been accessed without authorization. We are sorry that this occurred, and this message explains what happened, how we can assist you, and steps you can take.
What Happened
Hotels operated and franchised under Marriott’s brands use an application to help provide services to guests at hotels. At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. We believe this activity started in mid-January 2020. Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests. Your information was among the information that appears to have been accessed.
What Information Was Involved
Although Marriott’s investigation is ongoing, we currently have no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.
At this point, we believe that the following information may have been involved, although not all of this information was present for every guest involved:
- contact details (e.g., name, mailing address, email address, and phone number)
- loyalty account information (e.g., account number and points balance, but not passwords)
- additional personal details (e.g., company, gender, and birthday day and month)
- partnerships and affiliations (e.g., linked airline loyalty programs and numbers)
- preferences (e.g., stay/room preferences and language preference)
What We Are Doing
We have set up a dedicated website (www.mysupport.marriott.com) where you can find more information.
We have also established dedicated call center resources, which can be reached by calling the numbers below. The call center resources will be staffed during ordinary business hours in the United States, 8:00am-8:00pm EDT Monday through Friday. Language support will be provided in English and French, and additional translation services will be available upon request.
If you didn’t get the e-mail, you can read it in its entirety here.
Location
United States/Canada
Australia
France
Germany
United Kingdom
Rest of the World (toll may apply)
More info here: https://mysupport.marriott.com/
Second Marriott breach? I believe the first was actually Sheraton’s. And any takers on some of the same financial people are still around?
What day was the email sent out?
I just went in and deleted my methods of payment!.