The world’s largest hotel company has another data breach on its hands.
Marriott International notified about 5.2 million guests Tuesday that their information was compromised through an app used to provide services at hotels. From mid-January of this year through the end of February, “an unexpected amount of guest information” was accessed through two employees’ login credentials, Marriott announced. The hotel company disabled the login credentials of the two individuals in late February upon discovering the incident.
Contact details like mailing addresses and phone numbers, loyalty account information, personal details like birth dates, linked loyalty programs, and room preferences were the types of information accessed in the data breach. While Marriott is still investigating the matter, the company does not believe Marriott Bonvoy passwords, credit card information, passport information, or driver’s license numbers were accessed.
As part of the investigation, Marriott has implemented tougher monitoring practices, notified authorities, and is supporting those parties in their own investigations. The company also set up a portal for guests to get more information on the data breach and steps they can take to protect their information going forward.
A Marriott spokesperson declined to name the app that was used and told Skift the hotel giant doesn’t discuss underlying technology used at the company. He also declined to elaborate on the work status of the two individuals whose login information was used in the data breach but reiterated the investigation is still ongoing.
This latest instance of compromised guest information comes after Marriott’s 2018 data breach, one of the largest data security failures of all-time. The prior case involved 500 million guests who stayed at Starwood Hotels & Resorts-branded properties between 2014 and mid-September 2018. Marriott bought Starwood in 2016 for $13 billion.