A new Marriott data breach exposed credentials of 5.2 million clients


Marriott International suffers a second massive data breach 

Marriott data leak

Marriott data leak

Marriott International Inc., one of the largest hotel chains worldwide, officially disclosed a data breach[1] that may have exposed the credentials of more than 5.2 million registered hotel guests. The company consisting of 30 brands and owning more than 7,000 properties across 131 countries, revealed the incident at the end of February 2020. It is still under investigation, though the spokesperson of the company reported that contact details, loyalty account information, partnership, preferences, and other personal information been exposed to criminals. 

At the end of February 2020, we noticed that an unexpected amount of guest information might have been accessed using the login credentials of two employees at a franchise property.

Banking credentials, account passwords, payment card information, passport information, driver’s license, and other first importance information have not been reached, Marriot said. Nevertheless, all potential victims have been contacted and provided with instructions on how to protect themselves from possible identity theft[2]. The company claims the following information might be stolen:

  • Contact Details (e.g., name, mailing address, email address, and phone number)
  • Loyalty Account Information (e.g., account number and points balance, but not passwords)
  • Additional Personal Details (e.g., company, gender, and birthday day and month)
  • Partnerships and Affiliations (e.g., linked airline loyalty programs and numbers)
  • Preferences (e.g., stay/room preferences and language preference)

Marriott has taken actions to protect its customers

The hotel giant believes that hackers might have started malicious activities on their apps’ server in January 2020. However, the unspecified property system at a franchise hotel has been detected only in February.

Right after disclosing an attack over the database of employees and customers, the company disabled the login credentials of the affected customers. It launched a website explaining people the situation and the steps that have to be taken. Customers will be provided with personal information monitoring services to prevent them from further cyber-attacks.

Repeated data leaks cause mistrust

It’s a second time within three years when Marriott International Inc. falls victim to hackers and fails to protect its customers’ data from exposure to hackers[3]. In 2018, the company revealed a breach that took a start in 2014 and continuously leaked information about Starwood clients’ database. It has been estimated that over 500 million clients affected. Marriott has been fined by governmental authorities to pay $123 for disclosing client’s names, addresses, date of birth, phone numbers, ID card numbers, and other personally identifiable information.

A repeated attack minimizes clients’ trust in the company and raises a question if Marriot is well-equipped against cyber attacks. It seems that its data protection service has some breaches that must be patched asap to prevent further incidents.

Stronger passwords – rarer leaks

Regular computer users can contribute to the prevention of data breaches in two ways. Using strong passwords for each account and two-factor authentication[4] function to the accounts would enough to protect hackers from accessing your credentials.

Additionally, experts do not recommend becoming registered users to unknown services. There are numerous reports on how hackers create fake services to trick people into revealing their names, emails, addresses, and similar information. This even goes worse if the rogue services allow making a purchase, thus increasing the possibility of gathering people’s banking credentials.

The companies are warned about data breaches every day, and violations like Equifax seem to be a great lesson to learn. There are toms of literature for companies[5] advising on how to protect themselves from various data breaches.