Wednesday, 01 April 2020 05:21

Marriott hotels breached, data of 5.2m believed to have been accessed

Image by Michelle Maria from Pixabay

Hotels and resorts operator Marriott has suffered a data breach, with information of about 5.2 million of its guests having been accessed, the company has said. It has a number of hotels in Australia.

In a detailed statement, Marriott said it had noticed at the end of February that two employee credentials for an application it uses to provide services to guests at its hotels had been used to access an "unexpected" amount of information. The credentials were for two individuals at a franchise property.

The activity is believed to have begun in mid-January. The login credentials were subsequently disabled. Marriott said it "immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests".

In 2018, Marriott's line of Starwood hotels experienced a data breach, with the information of about 500 million guests said to have been stolen. Australia was badly affected, with details of more than 10 million guests believed to have been pilfered.

The company said on 31 March it had sent emails to guests whose information it believed had been accessed.

"...we currently have no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s licence numbers," the statement said. Marriott Bonvoy is a loyalty program which customers can join.

Call centres have been set up for customers in various countries to obtain more information and the numbers can be viewed here. In Australia, one needs to contact 1800280257.

The following information is believed to have been accessed:

  • Contact details (e.g., name, mailing address, email address, and phone number)
  • Loyalty account information (e.g., account number and points balance, but not passwords)
  • Additional personal details (e.g., company, gender, and birthday day and month)
  • Partnerships and affiliations (e.g., linked airline loyalty programs and numbers)
  • Preferences (e.g., stay/room preferences and language preference)

Marriott said it was offering those affected the option of free enrolment in a personal information monitoring service known as IdentityWorks, for a year.

It said the passwords of Marriott Bonvoy members believed to have had their information accessed had been disabled.

"When you log in to your Marriott Bonvoy account at, you will be prompted to change your password," the statement said. "You will also be prompted to enable multi-factor authentication to further protect access to your account. We have notified relevant authorities and are supporting their investigations."

Commenting on the incident, Andrew Hollister, senior director of security intelligence company LogRhythm, said: "A global company like Marriott, which holds a massive amount of personal information about its guests, will always be an attractive target for bad actors.

"While this is the second data breach Marriott has reported in the last two years, there are some positives to draw from the statement released on 31 March.

"In the previous incident in 2018, Marriott detected signs of unauthorised activity going back four years. In this new case, the activity appears to have begun in January 2020 and been detected in February 2020.

"This is a significant improvement in time to detect and respond to a data breach. While a significant number of records has been breached, the reduced time to detect has no doubt contributed to the number being substantially lower than on the previous occasion."

Hollister said that the latest data breach just showed that continuing vigilance was required to keep reducing the time to detect and respond to threats.

It also underlined the fact that "real reductions in impact can be made with focus on this issue that affects every company on the globe which holds personal information".

Chris Morales, head of Security Analytics at AI-based network detection and response firm Vectra AI, said: "Our research shows that privileged access from unknown hosts occurs inside every industry, leading to unintended exposure of critical systems. Yet these privileged accounts rarely receive direct oversight or technical control of how they are used, even when privileged access management tools are in place.

"It is this lack of oversight or understanding of how privileged accounts are being used that creates the operational and financial risk for organisations. If used improperly, privileged accounts have the power to cause much damage, including data theft, espionage, sabotage, or ransom."

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
