Marriott says hackers accessed the data of 5.2 million hotel guests for several weeks

nanoguy

In brief: In the middle of the Coronavirus pandemic, Marriott admits it suffered a new breach where hackers took over the accounts of two employees and gained access to the personal information of millions of hotel guests. And while the attackers weren't able to dig deep enough to get to the really sensitive details, this doesn't look particularly good after two other breaches over the last couple of years.

Hotel giant Marriott says it suffered a data breach involving the personal information of no less than 5.2 million guests. This would be the third breach in three years; this time, the company says, "an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property."

Marriott has sent everyone whose data was exposed by the breach a letter notifying them of what happened, along with recommended steps for getting assistance.

The breach was discovered at the end of February 2020, and an investigation is still ongoing to determine the full extent of the damage caused by attackers. That said, Marriott didn't find any indication of data misuse, and luckily the data accessed by malicious actors didn't include payment card information, Bonvoy account passwords / PINs, national IDs, passport information, or driver's license numbers.

However, attackers were able to access contact details such as names, email addresses, mailing addresses and phone numbers, as well as guest preferences and loyalty program details like the number of points held, including points earned through Marriott's partnerships with airlines. The information was exposed from mid-January to the end of February.

Marriott has created a self-service online portal for people who want to find out if their information was exposed in the breach. Guests who have been affected now have their passwords disabled and will have to change them the next time they want to log in. Another important addition is multifactor authentication, which could have made it a lot harder for attackers to succeed.

US residents can also apply for one year of identity monitoring from IdentityWorks, paid for by Marriott. You can do so here, but only until June 30. Non-US residents have a separate website here.

Overall, based on the preliminary information provided by Marriott, this breach looks a lot less severe than the one that happened in 2018, affecting 500 million customers. US authorities believe it was the work of Chinese state-sponsored hackers, but that wouldn't excuse the combination of bad security habits and the lack of safeguards in place at a hotel giant that is routinely a top choice for American government officials and military personnel.

The news also comes at the worst possible time, when Marriott, and, by extension, the entire tourism industry, are laying off a significant number of employees as a desperate measure to survive the impact of the Coronavirus pandemic.

Three times in a couple of years indicates multiple players with no loyalty to the others. I prefer the Chinese attacker thought because of the other in-the-news indications of their state sponsored villainy. That said, the Chinese are not the only state sponsored villains, let alone villains. North Korea, Ukraine, Palestine, Hamas spring to mind.
 
Fool me once, shame on you. Fool me twice, shame on me, but fool me thrice? Someone needs to fire IT @ Marriott.
 
Fool me once, shame on you. Fool me twice, shame on me, but fool me thrice? Someone needs to fire IT @ Marriott.
I'm betting IT Marriott didn't pick the accounting system software, booking software, and credit card processing software. Having experienced some other national temporary room companies, I do wonder what country or countries are developing for their systems.
 
Once is an accident, twice is carelessness, thrice is complicity. The executives involved need to go to prison for this.