Marriott International and data breaches go hand in hand, or so it seems. The hospitality group just keeps getting more and more of these happening to them all the time. In late 2018, Marriott had announced that Starwood’s reservation systems were compromised and hundreds of millions of customer records, including credit card and passport numbers, were exfiltrated by the attackers.

Jaisalmer Marriott Resort & Spa, India

Now, Marriott has announced that they were hit another time, as late as February 2020. Marriott reports that “an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property.” Marriott suspects this activity started in mid-January 2020.

Marriott, upon discovery, disabled the login credentials of said employees, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests. Marriott believes that information does not involve Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.
Marriott states the following information could have been landed in the hands of those accessing it:

• Contact Details (e.g., name, mailing address, email address, and phone number)
• Loyalty Account Information (e.g., account number and points balance, but not passwords)
• Additional Personal Details (e.g., company, gender, and birthday day and month)
• Partnerships and Affiliations (e.g., linked airline loyalty programs and numbers)
• Preferences (e.g., stay/room preferences and language preference)

Steps taken by Marriott for compromised members

Marriott states that they will be offering Experian IdentityWorks for one year for everyone whose account is compromised, for a period of one year. Also, for those guests who are a Marriott Bonvoy member, their existing login credentials have been disabled and they would need to set a new password for their account. They can also set up Multi-Factor authentication to protect access to their account.

Bottomline

It is most unfortunate that Marriott seems to be getting these attacks over and over again, but it is more unfortunate that their system designs are not being updated in line with global best practices for cybersecurity to ensure that such breaches don’t happen in the future.

Have you heard from Marriott about a data breach on your account?

Liked our articles and our efforts? Please pay an amount you are comfortable with; an amount you believe is the fair price for the content you have consumed. Please enter an amount in the box below and click on the button to pay; you can use Netbanking, Debit/Credit Cards, UPI, QR codes, or any Wallet to pay.

(Important: to receive confirmation and details of your transaction, please enter a valid email address in the pop-up form that will appear after you click the ‘Pay Now’ button. Even though the amount you enter has to be in INR, you may use an international card to process the transaction.)

We are not putting our articles behind any paywall where you are asked to pay before you read an article. We are asking you to pay after you have read the article if you are satisfied with the quality and our efforts.