Marriott revealed about a new security breach which affected over 5.2 million hotel guests who used the company’s loyalty app.
A breach notification has been posted on the company website according to which the hotel became aware of the breach at the end of February. The security breach came to light when they found that a hacker had misused the login credentials of two employees from one of its franchise properties to access customer information from the app’s back end systems.
Marriot however did not reveal any additional details about the hack which was dated back to mid-January.
The hotel states that the attacker had access to Marriott Bonvoy loyalty data such as:
- Contact details including name, mailing address, email address, and phone number
- Loyalty Account Information like account number and points balance, without passwords
- Additional Personal Details such as company, gender and birthday
- Partnerships and Affiliations like linked airline loyalty programs and numbers
- Preferences such as stay/room preferences and language preference
The investigation is going on and the hotel said it did not believe that the intruder did not gain access to sensitive details like account passwords, PINs, payment card information, passport details, national IDs, or driver’s license numbers.
Marriott launched a web portal in which the app users can check if they have been impacted by the security breach and what data has been accessed by the attacker.
All the affected guests are contacted by the hotel chain through emails and are also offered a year of free personal information monitoring.
This is the second data breach the hotel chain has revealed since November 2018 when the attackers attained access to the Starwood Hotels reservation system and the personal details of over 383 million hotel guests were stolen.