Marriott Reports Another Security Breach Impacting 5.2m Guests

Apr 1, 2020

The Marriott Hotel Group has revealed that it has suffered its third data breach in just over two years, one that has impacted the private data of up to 5.2m guests.

The hotel group, which operates Marriott Hotel and Starwood Hotels, released a statement saying that it uses an application to help provide services to its guests. However, from the middle of January this year, the login details of two employees at a franchised property were used to access guest information on this app. The group has not revealed which chain of hotels was responsible for the breach. Starwood Hotels runs eleven hotel brands including 1,297 properties comprising 370,000 hotel rooms in around 100 countries globally.

The breach was discovered before the beginning of March. Access to the compromised accounts was promptly disabled and an official review into the breach was initiated.

In an official statement on the breach the hotel chain revealed that an “unexpected amount of guest information may have been accessed”. It went on to add that there is no indication that passwords, PINs, payment card information, passport information or national IDs were accessed as part of the breach.

Despite this, the range of other information that was accessible during the breach includes contact details, loyalty account information, partnerships and affiliations, hotel preferences and other personal details.

To allow customers to discover whether they were impacted by the breach, Marriott has created a self-service portal where guests can check whether their information was involved and what information may have been accessed. In addition, the group has established call centres to assist guests and is offering a year's free subscription to a privacy monitoring service to any customers that may have been affected by the private data breach.

Passwords have already been disabled on impacted accounts, and Marriott is advising that guests visit their account portal, create a new password and enable two-factor authentication. Guests should also keep a close eye on all of their accounts for any suspicious or unusual activity. If anything is noticed, it should be reported immediately.

The group could now face a range of different fines and penalties under legislation including the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Brendan McManus, Global Corporate/Financial Communications and Executive Positioning for Marriott International, released a statement in relation to the investigation which said “Our investigation is still open, and it is too early to comment.”

Previous Marriott Hotel Data Breaches

In November 2018 it was revealed that hackers had been accessing the group's Starwood guest reservation database for over four years. 383 million guests were affected by the data privacy breach.

The subsequent review showed that 383 million guest records had been accessible during the breach including:

  • 18.5 million encrypted passport numbers
  • 5.25 million unencrypted passport numbers
  • 9.1 million encrypted payment card numbers
  • 385,000 card numbers that were still

In the United Kingdom, the Information Commissioner's Office fined the group £99m ($123m) in relation to the breach in 2019.

It was also revealed, in a letter to the California attorney general in October 2019, that hackers had obtained around 1,552 company employees’ names, addresses and Social Security numbers through a former vendor that handled official documents such as court orders and subpoenas.


Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University.
