Marriott property system incident may impact up to 5.2M guests

Security regulations
Marriott International said the personal information of up to approximately 5.2 million guests may have been involved in an incident earlier this year. Photo credit: iStock/Getty Images Plus

Marriott International began notifying guests Tuesday of an incident that may have leaked the personal information of up to approximately 5.2 million guests.

The company said it currently believes the following information may have been involved, although not all was present for every guest:

  • Contact details (name, mailing address, email address and phone number)
  • Loyalty account information (account number and points balance, but not passwords)
  • Additional personal details (company, gender and birthday day and month)
  • Partnerships and affiliations (linked airline loyalty programs and numbers)
  • Preferences (stay/room preferences and language preferences)

According to Marriott, the incident involved an application used by Marriott hotels to provide services to guests at hotels. At the end of February, the company said it noticed an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. Marriott believes the activity started in mid-January.

Virtual Roundtable

Post COVID-19: The New Guest Experience

Join Hotel Management’s Elaine Simon for our latest roundtable—Post COVID-19: The New Guest Experience. The experts on the panel will share how to inspire guest confidence that hotels are safe and clean and how to win back guest business.

Upon discovery, Marriott disabled the login credentials in question, began an investigation, implemented heightened monitoring and arranged resources to inform and assist guests. The company also notified relevant authorities and is supporting their investigations.

Although Marriott’s investigation is ongoing, it said it has no reason to believe the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs or driver’s license numbers.

Marriott carries cyber insurance and is working with its insurers to assess coverage. The company said it does not believe that its total costs related to this incident will be significant.

Suggested Articles

Nearly four years after it opened, the Four Points by Sheraton Havana will lose its license to operate.

A study from Optii Solutions examines the average cost of cleaning a guestroom to new sanitation standards.

The management company added the InfoGenesis POS solution as well as rGuest Buy Guest Kiosk, rGuest Buy OnDemand and Agilysys Authorize.