MARRIOTT INTERNATIONAL HAS reported a breach of an internal property system that may have compromised some personal information belonging to approximately 5.2 million guests. The information probably does not include payment card or drivers’ license numbers, but may include some contact information and Marriott Bonvoy loyalty program account numbers without passwords.
The company began notifying guests of the breach on March 31. The system involved is used to provide guest services.
“At the end of February 2020, the company identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property,” Marriott said in a statement. “The company believes that this activity started in mid-January 2020. Upon discovery, the company confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests. Marriott also notified relevant authorities and is supporting their investigations.”
The statement said other types of information that may have been accessed included mailing and email addresses, phone numbers, guests’ employers information, gender, birthdays and stay preferences.
“Today, Marriott is sending emails to guests involved. Marriott has also set up a dedicated website and call center resources with additional information for guests,” the company statement said.
The numbers for the call center, as well as information on signing up for a personal information monitoring service that the company is providing are included in the emails. Marriott does not believe the breach will lead to significant costs.
Last November, Marriott a major data breach that affected about 383 million former Marriott guests.