Millions of Marriott customers exposed in massive data breach
Third data breach to occur in last few years
The Marriott hotel chain has experienced yet another large-scale data breach, with the details of about 5.2 million guests exposed by hackers.
According to a statement issued by the company, details including names, addresses, birthdays, preferences, emails, phone numbers and loyalty reward program numbers have been compromised.
While the incident is still being investigated, Marriott has said that it has no reason to believe driver license numbers, national identification numbers, passport numbers, or payment information was breached.
- Marriott owner facing huge GDPR breach fine
- US Defence agency reports data breach
- Slickwraps hit by customer data breach
Marriott data breach
The company believes that the unauthorized access started in mid-January this year with the help of the credentials of two employees at a franchisee property in Russia.
This unusual login activity was identified at the end of February, with Marriott noting that, "Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests."
The company has already informed any affected customers via email and has also set up a dedicated portal along with a call centre to help customers find out if they were impacted. It is also asking members of its Bonvoy loyalty scheme to change their login credentials and enable multi-factor authentication.
The breach is the third such incident Marriott has experienced in recent years, most notably including a breach in 2018 that was initially thought to have impacted over 500 million users. It resulted in compromising customer details like names, addresses, passport numbers, birth dates, arrival and departure information and reservation dates.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
As a result, a fine of $124 million was levied by the Information Commissioner’s Office.
In October last year, the company reported that some unidentified attackers were able to gain access to gain access to personally identifiable details like names, addresses and Social Security numbers of over 1500 employees. This breach happened through a vendor responsible for handling official documents.
Via: WSJ
Jitendra has been working in the Internet Industry for the last 7 years now and has written about a wide range of topics including gadgets, smartphones, reviews, games, software, apps, deep tech, AI, and consumer electronics.