Marriott is notifying millions of guests of a
security breach involving one of its property systems.
The notice explains what occurred, the information
involved, the measures taken by Marriott to investigate and
address the issue, how Marriott is assisting guests, and the steps
guests should consider taking.
Hotels operated and franchised under Marriott’s
brands use an application to help provide services to guests at
hotels. At the end of February 2020, the company identified that
an unexpected amount of guest information may have been accessed
using the login credentials of two employees at a franchise
property. The company believes that this activity started in
Upon discovery, Marriott says that the login
credentials were disabled and it immediately began an
investigation, implemented heightened monitoring, and arranged
resources to inform and assist guests.
Marriott has also notified relevant authorities
and is supporting their investigations.
Although Marriott’s investigation is ongoing, the
company says that it currently has no reason to believe that the information
involved included Marriott Bonvoy account passwords or PINs,
payment card information, passport information, national IDs, or
driver’s license numbers.
At this point, the company believes that the
following information may have been involved for up to
approximately 5.2 million guests, although not all of this
information was present for every guest involved:
– contact details (e.g., name, mailing address,
email address, and phone number);
– loyalty account information (e.g., account
number and points balance, but not passwords);
– additional personal details (e.g., company,
gender, and birthday day and month);
– partnerships and affiliations (e.g., linked
airline loyalty programs and numbers); and/or
– preferences (e.g., stay/room preferences and
Marriott has been sending emails to guests
involved and has also set up a
dedicated website and call center
resources with additional information for guests.