Marriott International on Tuesday revealed a data breach affecting an estimated 5.2 million hotel guests, the second significant security incident to hit the hospitality giant in the last 16 months.
The breach exposed guests’ personal information such as names, addresses, employer, and loyalty account numbers, the company said in a statement. The login credentials of two Marriott employees were used to access guest information in activity that began in mid-January, the statement said.
Marriott said it detected the compromise at the end of February and confirmed the credentials had been disabled.
“[W]e currently have no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers,” Marriott said. An investigation is ongoing.
Hotel chains are a natural target for both criminals looking to sell guests’ personal information and spies looking to track government officials.
In November 2018, Marriott announced a bigger breach of its Starwood Hotels database that affected hundreds of millions of guests. U.S. officials have accused Chinese hackers of carrying out that breach, an allegation Beijing denies.
This is a developing story and will be updated as information becomes available.