Marriott Hackers

Marriott, the world’s largest hotel chain by number of guest rooms, announced on Tuesday that a security incident related to the company’s loyalty app affected up to 5.2 million customers. This was the second major breach of Marriott’s guest records in less than a year and a half. The previous breach, in November 2018, affected about 383 million visitors.

The following comment was made by Ed Mierzwinski, Senior Director of Federal Consumer Services at US PIRG:

“Marriott says it doesn’t believe that credit card numbers were taken in the latest breach exposing the personal data of up to 5.2 million customers. So what? Consumers are not accountable for existing account credit card fraud, their banks are. Nevertheless, consumers should still be on guard.

“What Marriott is calling a ‘property system incident’ makes an excellent lure for spear phishers who want to use personal data to threaten workers at other companies or government agencies. Marriott guests should be careful, based on a vast volume of personally identifiable information, including birth dates, numbers of loyalty points, mobile phone accounts, and email addresses, that Marriott acknowledges that they may have received in the heist of emails, phone calls, and email addresses.

“This second reported Marriott breach in 16 months, although much smaller than the first, (which Trump administration officials told the New York Times was pulled off by Chinese hackers), points out the need for strong laws allowing consumers to hold companies accountable for privacy harms. For more information on what consumers can do to protect themselves, see U.S. PIRG’s privacy and identity theft tips.”

The company says that information on up to 5.2 million visitors may have been breached. The following information could have been involved, but not all of this information was available for all active guests:

    • contact details (e.g., name, mailing address, email address, and phone number)
    • loyalty account information (e.g., account number and points balance, but not passwords)
    • additional personal details (e.g., company, gender, and birthday day and month)
    • partnerships and affiliations (e.g., linked airline loyalty programs and numbers)
    • preferences (e.g., stay/room preferences and language preference)