Marriott announced today that it suffered another significant data breach, but, unlike the one that it announced in late 2018, the current breach directly impacts Marriott customers, not just accounts inherited as part of the hotel chain’s acquisition of Starwood.
Marriott believes that the data stolen includes information related to as many as 5.2 million guests at its hotels – and that the data stolen includes contact details, loyalty program information for both the Marriott Bonvoy program and partner programs, personal details and hotel-preferences information, and more. Thankfully, the firm does not believe at this point that any passwords, IDs, or payment card information was stolen.
The breach was discovered in late February – apparently after an unusually large amount of guest information was accessed using the stolen login credentials of two employees of a franchise property.
Marriott is offering a free year of IdentityWorks monitoring service to those affected by the breach.
If your information was breached, you should:
1. Change your Marriott password
2. Change the passwords on any loyalty travel accounts (e.g., airline frequent flier accounts) connected to your Marriott account
In any case, if you have not done so already, you should enable multi-factor authentication on all frequent traveler program accounts that have significant point balances.