On Tuesday, March 31, 2020, Marriott International notified 5.2 million customers that there was a data breach involving guest contact details, loyalty account information and partnership/affiliation information (such as linked airline loyalty programs). The company stated that they believed the incident began in January 2020, was discovered at the end of February and was the result of an unauthorized person gaining access to guest information using stolen login credentials for a third-party app that had access to their systems.
Even though more critical information such as account passwords, payment card information, passport information, national IDs, or driver’s license numbers was not exposed, this is the second major data exposure in just a matter of years and this third-party cyber incident will have further ramifications across their brand similar to the first breach.
RiskRecon Founder and CEO Kelly White was interviewed for several articles around this data breach, discussing how this could have been prevented and what mistakes could have been avoided.
Read all of Kelly's commentary in the links below:
- SC Magazine - New Marriott data breach impacts 5.2 million guests
- Threatpost - Millions of Guests Impacted in Marriott Data Breach, Again
- Hospitality Technology - BREAKING: 5.2M Guests Affected by New Marriott Data Breach
- Help Net Security - Marriott International 2020 data breach: 5.2 million customers affected