On Tuesday, Marriott announced that it had discovered a data breach affecting up to 5.2 million guests. According to the company, the login credentials of two employees at a franchise property were used to steal information including:
- Contact Details (e.g., name, mailing address, email address, and phone number);
- Loyalty Account Information (e.g., account number and points balance, but not passwords);
- Additional Personal Details (e.g., company, gender, and birthday day and month);
- Partnerships and Affiliations (e.g., linked airline loyalty programs and numbers); and Preferences (e.g., stay/room preferences and language preference).
Marriott says no Marriott Bonvoy account passwords, payment card information, passport information, national IDs or driver's license numbers were stolen.
What Guests Can Do:
Once the hacking was discovered, Marriott began an investigation, implemented heightened monitoring, and set up resources to help guests navigate various security measures. To determine whether their information was involved, guests can log in to a portal and see what had been stolen. To reduce the chances of this happening again, they can enroll in a personal information monitoring service, IdentityWorks, at no charge for the first year. Users can determine what they'd like monitored; no other information will be tracked unless it is provided.
Marriott also recommends using good password management policies (using hard-to-guess words and phrases), staying vigilant against "phishing" scams and notifying the company of any suspicious account activity.
For more information, visit https://mysupport.marriott.com/