The Marriott hotel chain has experienced yet another large-scale data breach, with the details of about 5.2 million guests exposed by hackers.
According to a statement issued by the company, details including names, addresses, birthdays, preferences, emails, phone numbers and loyalty reward program numbers have been compromised.
While the incident is still being investigated, Marriott has said that it has no reason to believe driver license numbers, national identification numbers, passport numbers, or payment information was breached.
- Marriott owner facing huge GDPR breach fine
- US Defence agency reports data breach
- Slickwraps hit by customer data breach
Marriott data breach
The company believes that the unauthorized access started in mid-January this year with the help of the credentials of two employees at a franchisee property in Russia.
This unusual login activity was identified at the end of February, with Marriott noting that, "Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests."
The company has already informed any affected customers via email and has also set up a dedicated portal along with a call centre to help customers find out if they were impacted. It is also asking members of its Bonvoy loyalty scheme to change their login credentials and enable multi-factor authentication.
The breach is the third such incident Marriott has experienced in recent years, most notably including a breach in 2018 that was initially thought to have impacted over 500 million users. It resulted in compromising customer details like names, addresses, passport numbers, birth dates, arrival and departure information and reservation dates.
As a result, a fine of $124 million was levied by the Information Commissioner’s Office.
In October last year, the company reported that some unidentified attackers were able to gain access to gain access to personally identifiable details like names, addresses and Social Security numbers of over 1500 employees. This breach happened through a vendor responsible for handling official documents.