Marriott Data Breach Hits 520 Million People: What to Do Now

Marriott Data Breach Hits 520 Million People: What to Do Now

Marriott International announced today (March 31) a data breach affecting approximately 52 million former hotel guests

The potentially stolen data included guests' names, addresses, e-mail addresses, and phone numbers, as well as details of their Marriott Bomboy accounts and rooms

However, according to the web page Marriott posted about the incident, it did not include "payment card information, passport information, national ID, or driver's license numbers" or "passwords or PINs for Marriott Bomboy accounts"

This somewhat limits the potential damage from data theft, but spammers and robocallers may enjoy using contact information

In some instances, the "birthday" and "month" of the guest was included, but in order for identity thieves to count it, they would probably need to know the birth year of the targeted individual as well

Marriott owns approximately 30 hotel and hospitality brands, including Sheraton, W, Westin, Ritz-Carlton, Le Meridien, Renaissance, Fairfield Inn, as well as a half dozen Marriott brands The full list is at the end of this article

Affected guests should have already received an email from Marriott (specifically from the address marriott@email-marriottcom) regarding this matter If in doubt, there is a "self-service portal" where you can check to see if you are affected

You can also call toll-free to +1-800-598-9655 in the US and Canada, 08003457018 in the UK, 1800280257 in Australia, 0805540130 in France, and 08006644414 in Germany In other areas, international calls must be made to +1-402-952-5356

The email should contain a code to enroll in Experian IdentityWorks identity theft protection for free for one year If you want to subscribe to better protection, you can look through our review of the best identity theft protection services, but it can't hurt

Marriott has not indicated how old the compromised data may be, so we cannot yet say when affected guests may have stayed at Marriott-managed properties

The company said the breach began in mid-January after someone exploited the login credentials of two employees at a "franchised property," ie, a Marriott-branded hotel not directly owned by Marriott International

The intrusion was discovered at the end of February, which means the intruders had been prowling Marriott's systems for six weeks

In late 2018, Marriott reported a larger and even more serious data breach involving the records of nearly 500 million people who stayed at the former Starwood hotel brand

The breach began in 2014, two years before Marriott International acquired Starwood hotels, and included guests' passport and credit card numbers

Since none of the stolen information has been identified in the criminal market, some cybercrime experts now believe that the breaches between 2014 and 2018 were carried out by hackers aided by the Chinese state who were looking for information on the movements of Western politicians, business executives, diplomats, and spies They believe that

Marriott International owns and/or manages "30 brands and more than 7,000 properties across 131 countries and territories," according to its website

Its hotel brands include Ritz-Carlton, St Regis, W, Sheraton; Regis, W, Sheraton, Edition, Delta, Rennaissance, Gaylord, Luxury Collection, Le Meridien, Westin, Four Points, SpringHill Suites, Protea, Fairfield Inn and Suites, AC, Aloft, Moxy, Residence Inn, Element, TownePlace Suites, Autograph Collection, Design Hotels, Tribute Portfolio, as well as Homes & Villas by Marriott International, Marriott Executive Apartments, Courtyard by Marriott, Marriott Vacation Club, Marriott Hotels, and JW Marriott

Categories