The Independent's journalism is supported by our readers. When you purchase through links on our site, we may earn commission.
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Marriott International, the hotel group that owns global chains including Marriott, St Regis and The Ritz-Carlton, has suffered a major security breach – its second in three years.
The company announced on 31 March that details of up to 5.2 million customers could have been accessed between mid-January and the end of February this year.
In a statement, Marriott said: “Hotels operated and franchised under Marriott’s brands use an application to help provide services to guests at hotels.
“At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. We believe this activity started in mid-January 2020.”
The access credentials involved have now been disabled and the hotel group is currently investigating the incident and the extent of the breach.
It said that “although our investigation is ongoing, we currently have no reason to believe that the information involved included Marriott Bonvoy (its loyalty scheme) account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.”
However, the data breach could have involved contact details (eg name, mailing address, email address, and phone number); loyalty account information (eg account number and points balance, but not passwords); additional personal details (eg company, gender, and birthday day and month); partnerships and affiliations (eg linked airline loyalty programmes and numbers); and preferences (eg stay/room preferences and language preference).
Marriott has already contacted customers involved, and they will be required to reset their passwords, while worried guests can also check whether they were affected via a dedicated portal.
Customers whose data may have been breached are also offered enrolment into IdentityWorks, a personal information monitoring service, free of charge for a year.
The Marriott group has previously experienced another major data breach, which was discovered in 2018.
Up to half a billion customers were affected – the largest breach in history – and some credit card details were affected.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments