The Marriott hotel chain posted a breach notification on its website that outlines details of a breach from the end of February. The chain discovered a hacker had used the credentials of staff from a franchise property to access sensitive customer information through a backend system on their official app.
Marriott says the breach dates back to mid-January but offered no more information about how the attack happened in the first place.
The chain went into detail on the information that hackers had access to, including information from the Marriott Bonvoy loyalty program;
- Contact information such as names, addresses, email addresses, and phone numbers
- Loyalty account information such as account number and number of loyalty points, but no passwords
- Additional personal information such as birthdays, gender, and company
- Partnerships and affiliations such as connected loyalty programs and the account numbers for those programs
- Preferences such as language and room preferences
Marriott believes that the hackers don't have access to any passwords, PINs, payment cards, passports, driver's licenses, and national IDs from the compromised accounts. So, not all information related to accounts has been stolen.
Marriott also launched their own online portal for those affected by the hack. App users can check to see if their information was compromised and what kind of information hackers might have from the breach.
This is the second time in the past 16 months that Marriott has disclosed a data security breach. They announced that hackers had accessed the reservations system of their Starwood Hotels back in November 2019. During that breach, hackers allegedly stole the personal information of over 384 million guests. US authorities believe the hackers are of Chinese origin but have yet to make any official charges over the attacks.