Marriott International was the target of another hack. (Picture: Felix Doering)

Guest information was accessed by hackers through a Marriott franchise property system.

Marriott International recently had to alert its customers to an invasion of information following a data breach involving a guest service application. We take a look at what happened and how Marriott is dealing with the breach.

Data breach at Marriott

At the end of March, hotel giants Marriott released a statement saying that there had been a breach of its data, where over 5m of the group’s customers may have had their information accessed by hackers. The hack was performed via a customer service application used in hotels operated and franchised by Marriott, and the press release about the incident stated that, “At the end of February 2020, the company identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property.” Marriott says that, although the number of customers vulnerable to this breach was significant, no Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers were accessed in the hack.

Cause and effect

As soon as Marriott was aware of this activity, the employee accounts were disabled and an investigation into the incident was launched. What the group gleaned from this investigation was that the following information for about 5.2m customers had been accessed:

Contact details

• Loyalty account information – account number and points balance, but not passwords
• Personal details – company, gender, birthday
• Partnerships and affiliations – linked airline loyalty programs and numbers
• Preferences – stay/room preferences and language preference

Marriott has been in contact via email with any guests whose information may have potentially been accessed, and has set up a dedicated website and call centre where customers can find information and support in the matter. Marriott is insured against cyber attacks, and is working on getting its insurers to assess the damage. While significant, this incident pales in comparison to the November 2018 hack, where 400m customers’ information was exposed to a data breach. No doubt Marriott’s ability to effectively deal with this hack will be compromised by the current and ongoing Covid19 crisis, and the group’s share price has also taken a hit, with shares down 7% on April 1st.