Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Marriott International: Data Breach of Up to 5.2 Million Guests Confirmed

April 2, 2020

Naked Security reported on March 31 that Marriott International had announced, that same day, a data breach affecting up to 5.2 million people. That sure seemed like a story that might affect a lot of lawyers.

Marriott uses an application to provide services to its guests. In mid-January of this year, the login credentials of two employees at a franchised property were used to access guest information on the app.

The breach was detected at the end of February. Marriott investigated and disabled those login credentials.

Compromised data included:

  • Contact details (name, mailing address, email address, and phone number)
  • Loyalty account information (account number and points balance, but not passwords)
  • Additional personal details (company, gender, and birthday day and month)
  • Partnerships and affiliations (linked airline loyalty programs and numbers)
  • Preferences (stay/room preferences and language preference)

Marriott indicated that there is currently no reason to believe the information accessed included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver's license numbers.

Marriott informed guests via email on March 31. It is giving guests the option of accessing a data monitoring service for a year.

Marriott has a self-service portal for you to determine if and what information of yours was accessed. It's also listed a set of phone numbers you can call on its breach announcement page.

If your information was involved, Marriott has disabled your password and you'll be prompted to enter a new one when you next log in. The company recommends you enable two-factor authentication (2FA) on your account, although Naked Security couldn't find the option when they logged in. Ditto, we couldn't find it either.

Good news here is that our data wasn't compromised.

Be wary of scams involving the breach – phishing emails with links or attachments and the like.

Marriott says that if it contacts you by email it will be from the email address and it won't send emails with attachments or ones that ask for information.
