NOTTINGHAM, MD—Marriott International announced on Tuesday that the names, addresses, account numbers, and other data of approximately 5.2 million guests may have been exposed in a massive data breach.
This marks the second major breach to hit the hotel chain in less than 24 months.
The company says that hotels operated and franchised under Marriott’s brands use an application to help provide services to guests at hotels. At the end of February 2020, the company identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property.
The company believes that this activity started in mid-January 2020. Upon discovery, the company confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests. Marriott also notified relevant authorities and is supporting their investigations.
At this point, the company believes that the information of up around 5.2 million guests may have been exposed.
In November 2018, Marriott advised that hackers had accessed the records of up to 383 million guests.
The company is sending emails to guests who may have been impacted by this latest incident and is also offering one year of free personal information monitoring to victims.