ITRC_SS_marriott breach 2020

The Marriott hotel property chain has announced that they discovered a data breach at the end of February that affected an estimated 5.2 million guests of the hotel. The information that was accessed by unauthorized hackers in the Marriott breach included names, email addresses and phone numbers, age and gender information, and even some data such as employers’ names.

Fortunately, no payment card information was accessed, as well as sensitive data like passport numbers or Social Security numbers. While loyalty account information for the Marriott Bonvoy program may have been compromised—such as account numbers and the balances of accumulated points—the passwords on those accounts were not breached. The hotel chain disabled the affected Bonvoy accounts and users will be required to create a new password the next time they log in, just to be safe.

This is the second Marriott breach in recent years. The company was attacked in a similar way in September of 2018, and a lot of invasive information for more than 383 million guests was involved.

The Marriott breach is believed to have been the work of a possible phishing attack, as the hackers seem to have used stolen employee login credentials to access the system. Marriott is still notifying the affected customers. However, there are some important steps that people can take in order to protect themselves from this data breach.

  1. People should change their password on their Marriott account, and on any other account where they might have used the same username and password.
  2. Affected guests should be on the lookout for harmful spam and phishing attempts. The hackers now have enough information about the guests’ Marriott or Bonvoy accounts to send realistic-looking emails. Individuals should never click a link, open an attachment or download a file that they are not expecting, even if the sender looks like someone they know and do business with.
  3. It is important for those affected by the Marriott breach to follow any directions in this or any other notification letter they receive. If they are offered services like identity theft monitoring or credit monitoring as the result of the data breach, they are encouraged to sign up for it immediately.

If anyone has been affected by the Marriott breach, they are encouraged to visit www.idtheftcenter.org and live-chat with an expert advisor. If they do not have access to the internet, they can call toll-free at 888.400.5530. Callers will have to leave a message due to the fact advisors are working remotely. However, an advisor will return the victim’s calls as soon as possible.


You might also be interested in…