author photo
By Clare O’Gara
Wed | Apr 1, 2020 | 4:30 AM PDT

Have you stayed at a Marriott hotel? If so, your information may be at risk.

It's a smaller breach than last time, but still potentially damaging. According to Marriott, approximately 5.2 million guests were involved in the hack.

What happened in the new Marriott data breach?

Marriott answered the questions about what happened in its breach notification letter:

"At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. We believe this activity started in mid-January 2020.

Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests."

This is Marriott's second breach in recent years. The hotel chain experienced an even larger hack in 2018, when the information from approximately 500 million guests was copied and stolen. SecureWorld covered the story:

Those responsible for the breach had also encrypted a copy of the database and were removing it. Cybersecurity experts had to break through the encryption to figure out what the database contained.

Only then did they realize it was Starwood's massive reservations database. 

This time around, Marriott has identified that the following customer information was exposed:

  • Contact fetails
  • Loyalty account information
  • Additional personal details
  • Partnerships and affiliations
  • Preferences

How to check: was my data stolen in the new Marriott data breach?

It's better to be safe than sorry, so here's how to check if your Marriott data was stolen.

One way is to check your email and see if you were notified from this address: marriott@email-marriott.com, which is its standard address for communicating with customers.

Also, Marriott developed a self-service portal to assist customers. You can find it here.

Use self-service portal to find out if you were part of Marriott breach

Use the data breach portal and follow these steps:

1. Enter your email and Marriott Bonvoy number. The form looks like this:

bonvoy-data-breach-confirmation-1

2. A message will pop up asking you to confirm your email. At this point, go to your email and confirm it's you.

bonvoy-data-breach-confirmation-2

3. Marriott replies that it received the request and is working on it.

bonvoy-data-breach-confirmation-3[1]
 

Your final step is to wait for an email from Marriott. And remember, the hotel chain will never send you an email asking you to enter personal information.

If you get one of those, it is likely from hackers trying to get your Marriott credentials or payment information.

Related podcast: behind the scenes of a data breach

Are you wondering what it is like behind the scenes of a data breach, and to get fired because of one? If so, check out this SecureWorld podcast with the man Equifax blamed for its mega-breach:

 
Comments