Marriott said on Tuesday it was the victim of a data breach, affecting guests’ names, loyalty account information and other personal information.
The company believes personal information may have been involved for up to 5.2 million guests. Although not all of this information was present for every guest involved, the details taken may include names, emails, addresses, phone numbers, loyalty account information, and birthdays.
Although the investigation is ongoing, Marriott said it currently has no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver's license numbers.
The company said at the end of February it identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. Marriott believes it started in mid-January 2020.
Marriott has disabled those logins and is assisting authorities in their investigation.
Marriott has also set up a dedicated website and call center resources with additional information for guests. The email sent to guests and the website also contain a list of steps guests involved can consider taking and information about enrolling in a personal information monitoring service that Marriott is providing.
In November 2018, Marriott announced a massive data breach in which hackers accessed information on as many as 383 million guests. In that case, Marriott said unencrypted passport numbers for at least 5.25 million guests were accessed, as well as credit card information for 8.6 million guests.