Marriott has second massive data breach in 2 years; over 5 million guests compromised

On Tuesday, March 31, Marriott International disclosed that it suffered a data breach that likely affected more than 5 million guests.

According to a press release from Marriott, the breach began in mid-January 2020 and was discovered at the end of February 2020. Per the results of the company's investigation, compromised data includes contact details (name, phone number, email address, mailing address); loyalty account information (passwords were not affected); additional personal details (birth date, gender, company); partnerships and affiliations (linked airline accounts and frequent flyer numbers) and preferences (language and room preferences).

For more TPG news delivered each morning to your inbox, sign up for our daily newsletter.

Marriott says that Bonvoy passwords, credit cards, driver's license/national identification numbers, credit cards and passport information were not affected in this latest breach.

The chain sent emails to all involved parties, though if you want to check for yourself, you can do so through a portal that Marriott has set up. It will let you know if your data was involved in the breach and, if so, what specifically was affected.

If you were affected by this latest breach, you'll notice that you'll be required to change your Bonvoy account password upon logging in, and you'll be asked to set up two-factor authentication to add a layer of security to your account. Marriott says that it's working with the appropriate authorities regarding this situation.

Daily Newsletter

Reward your inbox with the TPG Daily newsletter

Join over 700,000 readers for breaking news, in-depth guides and exclusive deals from TPG’s experts

Email address

Sign up

By signing up, you will receive newsletters and promotional content and agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.

How to protect yourself from a data breach

With incidences of cybercrime continuing to rise, it's hard to stay ahead of the curve when it comes to your online information. However, there are some steps you can take to better safeguard your data.

Use identity-protection programs

For those who are affected by this incident, Marriott is offering one year of a complimentary information-monitoring service through IdentityWorks via Experian. U.S. residents can enroll here and those who live outside the U.S. and in participating countries enroll here.

There are other services on the market, like CompleteID (also offered through Experian) and LifeLock, that are available to all consumers and start at $9.99 per month, a small price to pay for data security.

Change your passwords

This always seems like a no-brainer, but this is one of the best ways to keep your information safe. In today's world, there are an endless number of passwords to keep track of, so we recommend using a password manager like 1Password to keep it all straight for you. 1Password charges roughly $5 per month, and you can store and protect all the passwords for your entire family. It also works with biometric features on the Apple platform like TouchID and FaceID, adding another level of security for your passwords. Hackers are less likely to be able to figure out a unique, 25-character password with letters, numbers and symbols.

For another layer of security, enable two-factor authentication on all accounts that offer it.

Regularly check your accounts

It's important to check your balances once a month (at the very least) to make sure you don't see any fraudulent activity. A service like Award Wallet can also help track your balances for free.

Bottom line

This Marriott data breach marks the second in as many years for the world's largest hotel chain. While this recent breach isn't nearly as widespread or devastating as the last one that affected Marriott in 2018, it's concerning that breaches that affect millions of guests continue to happen with some degree of frequency.

Perhaps we'll crack the code on data security in the future but for now, it's important to remain vigilant with your online data while cybercriminals still have the upper hand.