Advertisement

Marriott discloses data breach affecting 5.2 million guests

It's the second significant security incident to hit the hospitality giant in the last 16 months.
Marriott data breach
Marriott said it detected the compromise at the end of February. (Getty Images)

Marriott International on Tuesday revealed a data breach affecting an estimated 5.2 million hotel guests, the second significant security incident to hit the hospitality giant in the last 16 months.

The breach exposed guests’ personal information such as names, addresses, employer, and loyalty account numbers, the company said in a statement. The login credentials of two Marriott employees were used to access guest information in activity that began in mid-January, the statement said.

Marriott said it detected the compromise at the end of February and confirmed the credentials had been disabled.

“[W]e currently have no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers,” Marriott said. An investigation is ongoing.

Advertisement

Hotel chains are a natural target for both criminals looking to sell guests’ personal information and spies looking to track government officials.

In November 2018, Marriott announced a bigger breach of its Starwood Hotels database that affected hundreds of millions of guests. U.S. officials have accused Chinese hackers of carrying out that breach, an allegation Beijing denies.

This is a developing story and will be updated as information becomes available.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts