Bethesda, USA (April 02, 2020) – Marriott International confirmed that they were hit by a cyberattack involving a property system in mid-January. The data breach is the second cybersecurity incident in two years for the multinational hotel company leaving its customers with the prospect of identity theft. 5.2 million guest records have been compromised. The company does not believe that payment data was stolen. The data breach is only one of numerous recent attacks on various businesses and organizations which resulted in interference with people’s personal information including the telecommunications company Rogers and Prince Edward Island government agencies.
Marriott International confirmed in a statement that they were hit by a cyberattack that resulted in a data breach of approximately 5.2 million guest records. The incident involved a property system and was already the second attack in two years.
Marriott data breach compromised 5.2 million guest records
The statement says that the multinational hotel company discovered the breach in late February. Reportedly, hackers obtained the login credentials of two employees at a franchise hotel. It is believed that the attack occurred in mid-January.
During the cyberattack ‘an unexpected amount of guest information may have been accessed.’ But the hotel giant says it has ‘no reason’ to believe that payment data, account passwords, PINs, passport information, or driver’s license numbers were stolen.
However, the personal information of 5.2 million Marriott guests has been compromised by the attack including names, addresses, email addresses, phone numbers, loyalty member data, dates of birth, and other travel information.
The investigation is ongoing
Marriott started to notify guests who were affected by the breach via email on March 31. ‘Upon discovery, the company confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests,’ states the company’s press release. ‘Marriott also notified relevant authorities and is supporting their investigations.’
Marriott is providing personal information monitoring for guests involved. Customers can find further information about the incident on the companies dedicated website or by calling +1-800-598-9655.
Second data breach in two years
The data breach is already the second incident for Marriott in two years. In 2018, the company spotted a multi-year breach of the subsidiary Starwood Hotels’ central reservation system. Back in 2014, malware infected the security systems exposing the personal data of 383 million Marriott customers.
European authorities issued Marriott with a fine of $123 million in the wake of the breach.
Not an isolated case – another day, another data breach
Unfortunately, the recent Marriott data breach is only one of numerous attacks on various businesses and organizations that resulted in interference with people’s personal details. In late February, the telecommunications company Rogers found out that one of the companies it deals with left a database open compromising the personal information of many customers.
‘On February 26, 2020, Rogers became aware that one of our external service providers had inadvertently made information available online that provided access to a database managed by that service provider,’ Rogers explained on its support page.
Not even Canadian government agencies are immune against cyberattacks. In late February, several government departments of Prince Edward Island (P.E.I.) were hit by a ransomware attack. Confidential information from over 300 individuals and 200 businesses who have received assistance from the province’s AgriStability program were exposed including social insurance numbers and names as well as business numbers.
Be aware of the prospect of identity theft
Experts advise Canadians to keep an eye on their bank accounts since data breaches endanger people being victimized by identity fraudsters. The compromised information in the wrong hands can cause major damage to an individual’s life.
In order to protect against identity theft, it is recommended to put fraud alerts on accounts, to regularly change passwords for banking institutions, to use two-factor authentification, to ensure privacy settings on social media accounts are high, and to avoid online shopping and banking using public wi-fi.