Marriott discloses data breach: Up to 5 million guests affected

Marriott International was the target of a data breach that exposed personal information of more than 5 million guests.

The accessed guest information includes names, mail and email addresses, and phone numbers.
Here’s what happened. Marriott’s hotel brands use an application to help provide services to hotel guests, the company said. Some of that guest information was accessed using the login credentials of two employees of a hotel property.

Marriott noticed unusual activity at the end of February 2020. It believes the access began in mid-January 2020.
Upon discovery, Marriott confirmed the login credentials were disabled, began an investigation, and notified authorities.

What guest information was exposed?

Marriott said the personal information of up to 5.2 million guests was accessed. The information includes certain personal details. Not every affected guest had all of this information accessed, Marriott said.

Here’s a list of details that were accessed.

• Contact details — including name, mailing address, email address, and phone number.
• Loyalty account information — including account numbers and points balance.
• Other personal details — such as company, gender, and day and month of birthday.
• Partnerships and affiliations — such as linked airline loyalty programs and numbers.
• Preferences — including room and language preferences.

What guest information was not exposed?

The investigation is ongoing, but Marriott said it has no reason to believe more-sensitive guest information — such as passwords or PINs for Marriott Bonvoy travel program accounts, payment card information, passport information, national IDs, or driver’s license numbers — was included.

What is Marriott doing for impacted guests?

Marriott is sending emails to impacted guests. The company has set up a website and call center with more information. The website address is www.mysupport.marriott.com.

The email to guests and the website include steps affected guests can consider taking. For instance, affected guests may consider enrolling in a personal information monitoring service that Marriott is providing.

Here’s how to reach Marriott’s call center.

• United States/Canada: +1-800-598-9655
• Australia: 1800280257
• France: 0805540130
• Germany: 08006644414
• United Kingdom: 08003457018
• Rest of the World (toll may apply): +1-402-952-5356

4 ways to help protect your identity

Data breaches can sometimes lead to identity theft. With your personal information, an identity thief could open new accounts in your name without your knowledge.

Here are options to consider that could help protect your identity:

1. Credit freezes

A credit freeze “freezes” your credit report, making it difficult for potential creditors to access it. Without such access, a creditor cannot open new accounts in your name. To obtain a credit freeze, contact each of the three major credit reporting agencies listed below. There may be fees associated with freezing your credit and removing a freeze.

Equifax: 800-525-6285 or www.equifax.com
Experian: 888-397-3742 or www.experian.com
TransUnion: 800-680-7289 or www.transunion.com

2. Fraud alerts

If you have a fraud alert on your credit files, when someone applies for credit in your name, creditors are required to take reasonable steps to verify that it’s you — not a criminal — attempting to open a loan or applying for a credit card, for instance.

To place a fraud alert on your credit files, contact one of the three major credit reporting agencies. That credit bureau is required to send your request to the other two credit bureaus.

You must renew fraud alerts every 90 days.

3. Credit monitoring

Credit monitoring services track changes to one or more of your credit reports, including applications for new credit cards or loans. The idea behind credit monitoring is to alert you to activity involving your credit report so that you can determine whether someone is attempting to open accounts in your name.

Some banks and credit card companies offer basic credit monitoring by giving customers access to a regular credit score. Unexpected changes to that score may indicate something amiss, and that someone has fraudulently obtained credit in your name. Other companies, including credit reporting agencies themselves, provide more extensive credit monitoring for a fee.

4. Identity theft protection

Identity theft protection services typically provide credit monitoring, and sometimes a credit score, at one or more of the three credit reporting agencies. These services may also monitor the use of your personal information in ways that don’t show up on your credit report. Identity theft protection services may also provide restoration services to help victims resolve issues of identity theft.

There isn’t much you can do to prevent a data breach. Once your information is given to a business or an organization, you likely have no control over how it is stored. If it is not secured, cybercriminals may be able to gain access to it.