Marriott involved in second data breach involving 5.2 Million customers

Marriott International and data breaches go hand in hand, or so it seems. The hospitality group just keeps getting more and more of these happening to them all the time. In late 2018, Marriott had announced that Starwood’s reservation systems were compromised and hundreds of millions of customer records, including credit card and passport numbers, were exfiltrated by the attackers.

MArriott Data Breach

Jaisalmer Marriott Resort & Spa, India

Now, Marriott has announced that they were hit another time, as late as February 2020. Marriott reports that “an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property.” Marriott suspects this activity started in mid-January 2020.

Marriott, upon discovery, disabled the login credentials of said employees, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests. Marriott believes that information does not involve Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.
Marriott states the following information could have been landed in the hands of those accessing it:

  • Contact Details (e.g., name, mailing address, email address, and phone number)
  • Loyalty Account Information (e.g., account number and points balance, but not passwords)
  • Additional Personal Details (e.g., company, gender, and birthday day and month)
  • Partnerships and Affiliations (e.g., linked airline loyalty programs and numbers)
  • Preferences (e.g., stay/room preferences and language preference)
Marriott states that they have sent out emails to the guests involved from marriott@email-marriott.com on March 31, 2020.
How to find out if your account was compromised?
Marriott has set up a self-service online portal for guests to be able to determine whether their information was involved in the incident and, if so, what categories of information were involved. This portal can be accessed here.

Steps taken by Marriott for compromised members

Marriott states that they will be offering Experian IdentityWorks for one year for everyone whose account is compromised, for a period of one year. Also, for those guests who are a Marriott Bonvoy member, their existing login credentials have been disabled and they would need to set a new password for their account. They can also set up Multi-Factor authentication to protect access to their account.

IdentityWorks is currently available in Australia, Brazil, Canada, Germany, Hong Kong, India, Ireland, Italy, Mexico, New Zealand, Poland, Singapore, Spain, the United Kingdom, and the United States. Language support for online enrollment is available in English, French, French Canadian, German, Italian, Portuguese, and Spanish.

Bottomline

It is most unfortunate that Marriott seems to be getting these attacks over and over again, but it is more unfortunate that their system designs are not being updated in line with global best practices for cybersecurity to ensure that such breaches don’t happen in the future.

Have you heard from Marriott about a data breach on your account?


Liked our articles and our efforts? Please pay an amount you are comfortable with; an amount you believe is the fair price for the content you have consumed. Please enter an amount in the box below and click on the button to pay; you can use Netbanking, Debit/Credit Cards, UPI, QR codes, or any Wallet to pay.

(Important: to receive confirmation and details of your transaction, please enter a valid email address in the pop-up form that will appear after you click the ‘Pay Now’ button. Even though the amount you enter has to be in INR, you may use an international card to process the transaction.)

Pay LiveFromALounge.com for Content

We are not putting our articles behind any paywall where you are asked to pay before you read an article. We are asking you to pay after you have read the article if you are satisfied with the quality and our efforts.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *