New Marriott Data Breach Affecting 5.2 Million Customers

Marriott announced another data breach today, affecting about 5.2 million customers. This is a separate incident from the 2018 one that affected as many as 500 million guests.

Hotels operated and franchised under Marriott’s brands use an application to help provide services to guests at hotels. At the end of February 2020, an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. This activity might have been going on since mid-January 2020. Upon discovery these login credentials were disabled Marriott says, and immediately the company began an investigation.

Marriott says they have no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers. But the following information might have been compromised:

Contact Details (e.g., name, mailing address, email address, and phone number)
Loyalty Account Information (e.g., account number and points balance, but not passwords)
Additional Personal Details (e.g., company, gender, and birthday day and month)
Partnerships and Affiliations (e.g., linked airline loyalty programs and numbers)
Preferences (e.g., stay/room preferences and language preference)

On March 31, 2020, Marriott sent emails about the incident to guests involved. The email was sent from marriott@email-marriott.com because this is the standard email account used to communicate with our guests.

Free IdentityWorks

Marriott is offering guests involved the option to enroll in a personal information monitoring service, IdentityWorks, free of charge for 1 year. This service will be provided by Experian, a global data and information services provider. This is an optional service that allows you to identify information that you would like to have the service monitor; how much information to include in the monitoring is completely up to you. Any information that you provide to Experian will only be used by Experian for the sole purpose of the monitoring service.

To use IdentityWorks to start monitoring your personal information please follow the steps below:

Ensure that you enroll by June 30, 2020 (your code will not work after this date.)
Visit the Experian IdentityWorks website to enroll:
- US Residents: https://www.experianidworks.com/identity
- Non-US Residents: http://www.globalidworks.com/identity1
Provide your activation code:
- US Residents: To be provided in the email notice or self-service portal communication
- Non-US Residents: To be provided in the email notice or self-service portal communication