Marriott says a security breach may have exposed the personal information of 5.2 million customers. This is the second Marriott data breach in recent years, after a breach in 2018.
Personal information such as names, dates of birth, and phone numbers may have been entered, as well as language preferences and loyalty account numbers, says Marriott. Although an investigation is still underway, Marriott said there was “no reason” to believe that payment information had been released.
Marriott said it discovered in late February that an unspecified hotel chain system had been compromised and that the customer information may have been examined by hackers who had acquired the login information of two Marriott employees. The company has reason to believe that activity started as early as mid-January.
Marriott said it has informed customers whose information may have been collected by email and has launched a dedicated website with resources for those affected. The company provides a personal information monitoring service to customers whose information may have been stolen.
In late 2018, the hotel giant revealed another data breach, which affected up to 500 million customers who stayed at its subsidiary, Starwood, which the company acquired in 2016. Marriott said the breach data had compromised 327 million records, including personal information such as direct mail addresses and passport numbers. British authorities fined Marriott $ 123 million last year.