The Independent's journalism is supported by our readers. When you purchase through links on our site, we may earn commission.
Marriott International, the hotel group that owns global chains including Marriott, St Regis and The Ritz-Carlton, has suffered a major security breach – its second in three years.
The company announced on 31 March that details of up to 5.2 million customers could have been accessed between mid-January and the end of February this year.
In a statement, Marriott said: “Hotels operated and franchised under Marriott’s brands use an application to help provide services to guests at hotels.
“At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. We believe this activity started in mid-January 2020.”
The access credentials involved have now been disabled and the hotel group is currently investigating the incident and the extent of the breach.
It said that “although our investigation is ongoing, we currently have no reason to believe that the information involved included Marriott Bonvoy (its loyalty scheme) account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.”
However, the data breach could have involved contact details (eg name, mailing address, email address, and phone number); loyalty account information (eg account number and points balance, but not passwords); additional personal details (eg company, gender, and birthday day and month); partnerships and affiliations (eg linked airline loyalty programmes and numbers); and preferences (eg stay/room preferences and language preference).
Marriott has already contacted customers involved, and they will be required to reset their passwords, while worried guests can also check whether they were affected via a dedicated portal.
Lonely Planet's UK Travelist
Show all 20Customers whose data may have been breached are also offered enrolment into IdentityWorks, a personal information monitoring service, free of charge for a year.
The Marriott group has previously experienced another major data breach, which was discovered in 2018.
Up to half a billion customers were affected – the largest breach in history – and some credit card details were affected.
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies