In November 2018, hotel giant Marriott disclosed that it had suffered one of the largest breaches in history. That hack compromised the information of 500 million people who had made a reservation at a Starwood hotel. On Tuesday, Marriott announced that it had once again been hit, with up to 5.2 million guests at risk. Which is a kind of progress, in a way?
From the Marriott incident notification:
Hotels operated and franchised under Marriott’s brands use an application to help provide services to guests at hotels. At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. We believe this activity started in mid-January 2020. Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests.
Although our investigation is ongoing, we currently have no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.
At this point, we believe that the following information may have been involved, although not all of this information was present for every guest involved:
- Contact Details (e.g., name, mailing address, email address, and phone number)
- Loyalty Account Information (e.g., account number and points balance, but not passwords)
- Additional Personal Details (e.g., company, gender, and birthday day and month)
- Partnerships and Affiliations (e.g., linked airline loyalty programs and numbers)
- Preferences (e.g., stay/room preferences and language preference)
From this report it looks like the breach was discovered via someone accessing unexpected amounts of customer data. Are you monitoring for this type of system access? https://t.co/ERXhrIsJIk
— Teri Radichel #cloudsecurity #cybersecurity (@TeriRadichel) April 1, 2020
Marriott discloses new data breach impacting 5.2 million hotel guests
- Breach occurred in mid-Jan 2020
- Was discovered in late Feb 2020
- Marriott said hacker gained access to Bonvoy loyalty program data
- Hacker used logins for 2 Marriott employees
https://t.co/vY8RgQjQzb pic.twitter.com/2i36Oe1TEX
— Catalin Cimpanu (@campuscodi) March 31, 2020
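
One way to monitor for the signal the notification describes, an account reading far more guest records than it normally does, is a per-account volume baseline. This is an added example, not code from Marriott or the original article; the event shape, account names, day labels and thresholds are assumptions, and the events are constructed.

```python
from collections import defaultdict
from statistics import median

def daily_distinct(events):
    """events: (day, user, guest_id) tuples -> {user: {day: distinct guest records read}}."""
    seen = defaultdict(lambda: defaultdict(set))
    for day, user, guest in events:
        seen[user][day].add(guest)  # repeat views of one guest count once
    return {u: {d: len(g) for d, g in days.items()} for u, days in seen.items()}

def flag_anomalies(events, baseline_days, k=6.0, floor=50):
    """Return (user, day, count, threshold) for days above the user's own baseline.

    Threshold = median + k * MAD of the user's counts on baseline_days (a day
    with no access counts as 0), never lower than `floor`, so new or rarely
    used accounts still get a bound. k and floor are assumed tuning values.
    """
    alerts = []
    for user, per_day in daily_distinct(events).items():
        base = [per_day.get(d, 0) for d in baseline_days]
        med = median(base)
        mad = median(abs(c - med) for c in base)
        threshold = max(floor, med + k * max(mad, 1))
        for day, n in per_day.items():
            if day not in baseline_days and n > threshold:
                alerts.append((user, day, n, threshold))
    return sorted(alerts)

def constructed_events():
    """Constructed sample: five ordinary days, then one day under test (d6)."""
    baseline = ["d1", "d2", "d3", "d4", "d5"]
    ev = []
    for i, day in enumerate(baseline):
        for user, n in (("frontdesk_a", 20 + i), ("frontdesk_b", 18)):
            ev += [(day, user, f"G-{day}-{user}-{j}") for j in range(n)]
    # d6: frontdesk_a behaves normally, frontdesk_b reads 4,000 distinct records.
    ev += [("d6", "frontdesk_a", f"G{j}") for j in range(24)]
    ev += [("d6", "frontdesk_b", f"G{j}") for j in range(4000)]
    return ev, baseline

if __name__ == "__main__":
    events, baseline = constructed_events()
    for user, day, n, limit in flag_anomalies(events, baseline):
        print(f"ALERT {user} read {n} guest records on {day} (limit {limit})")
```

Counting distinct guest records per account, rather than raw requests, keeps a busy front desk that reopens the same reservations from tripping the alert while still catching bulk reads.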