Marriott International experienced a massive data breach in an “incident” that involved a property system. The hotel firm said in a notice that it “at the end of February 2020, the company identified that an unexpected amount of guest information may have been accessed” with the sign-in credentials of two franchise property staffers.
Marriott said in a post it believes the activity began in the middle of January of this year. It noted, “Upon discovery, the company confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests.”
The company also said it “notified relevant authorities and is supporting their investigations.” It believes loyalty account information, contact details, additional personal details, preferences and partnerships as well as affiliations for as many as roughly 5.2 million guests might have been involved in the data breach.
However, the company noted that not all of that data was present for every guest involved.
It also noted in the post, “Although Marriott’s investigation is ongoing, the company currently has no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.”
Marriott said it is notifying guests involved today. It is also putting into place a dedicated website as well as call center resources with more information for customers. The hotel company also said it has insurance, with the inclusion of cyber insurance, that is “commensurate with its size and the nature of its operations, and the company is working with its insurers to assess coverage.”
The company added that it “does not currently believe that its total costs related to this incident will be significant.”
Marriott, which operates and franchises hotels and licenses vacation ownership resorts throughout the globe, has a portfolio of over 7,300 properties with 30 brands.