Marriott International confirms data breach of up to 5.2 million guests

By Anna Brading, Sophos

April 1, 2020

Marriott International has today announced that it has suffered a data breach affecting up to 5.2 million people.

The hotel chain says it uses an application to help provide services to its guests. Beginning mid-January this year, the login credentials of two employees at a franchised property were used to access guest information on this app.

When the breach was discovered at the end of February, Marriott International says it disabled those login credentials and began its investigation.

What data was accessed?

Marriott says it believes the following information ďmay have been involvedĒ although the entries werenít there for every guest:

  • Contact details (name, mailing address, email address, and phone number)
  • Loyalty account information (account number and points balance, but not passwords)
  • Additional personal details (company, gender, and birthday day and month)
  • Partnerships and affiliations (linked airline loyalty programs and numbers)
  • Preferences (stay/room preferences and language preference)

Marriott says there is currently no reason to believe the information accessed included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driverís license numbers.

Marriott says it informed guests via email, today (31st March), from the address It says itís giving guests the option of accessing a data monitoring service for a year.

Terms of Use | Copyright © 2002 - 2020 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement