Marriott watches over data of 5.2 million customers hit by data breach

International hotel chain Marriott International has reported a global data breach which may involve up to approximately 5.2 million guests. The breach concerns information such as contact details, loyalty account information, partnerships and affiliations, additional personal details, and guests' preferences. According to the company, guest information may have been accessed using the login credentials of two employees at a franchise property. The breach was believed to have started in mid-January this year, and came from an application that hotels operated and franchised under Marriott’s brands use to provide services to guests. 

In response to the data breach, Marriott is offering guests involved the option to enroll in a personal information monitoring service, IdentityWorks, free of charge for one year. This service will be provided by Experian, a global data and information services provider.  According to Marriott, IdentityWorks is an optional service that allows users to identify information that they would like monitored. The amount of information to include in the monitoring is completely up to users. It is currently available in countries including Singapore, Hong Kong, Australia, Germany, Ireland, the UK and the US. 

Marriott has also notified all guests yesterday via e-mail, and has set up a self-service online portal for guests to be able to determine whether their information was involved in the incident and, if so, what categories of information were involved. Additionally, the hotel chain has established call centre resources around the world for guests to obtain more information.

The company said it confirmed that login credentials were disabled upon discovering the data breach, and immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests. It added that it has no reason to believe that the information involved included its reward program Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.

Last month, a data breach was also reported by cruise operator Princess Cruises. According to the company, an unsanctioned third party gained unauthorised access to some employee email accounts that contained personal information regarding its employees, crew, and guests. The company identified suspicious activity on its network in late May 2019, and has identified that the data breach happened between 11 April and 23 July 2019. The type of data potentially impacted was said to vary but could include: name, address, social security number, government identification number such as passport number or driver's license number, credit card and financial account information, and health-related information.

Related articles:
Malindo Air pleads not guilty for data breach charges
Love, Bonito confirms data breach on local and international customers
Local telco Zero1 slapped with SG$4k fine for personal data breach
Sephora hit with a data breach across SEA and New Zealand
Instagram's data breach: Another blow to FB? Or are consumers just numb to it?
3 big insurance brands fined by PDPC for customer data breach
PDPC fines ION Orchard owners SG$15,000 for customer data breach
Genki Sushi SG among 5 companies fined by PDPC over personal data breach