The hotel chain Marriott confirmed a new episode of data breach: the second occurred in the last three years and this time concerns the personal information of 5.2 million customers of the company.
The company said it discovered the incident in late February, a violation of an unspecified property system in a chain hotel. Hackers have managed to obtain, it is not known yet exploiting which stratagem or if supported internally, the login credentials of two employees and infiltrated the computer system. Although the discovery happened in late February, the violation dates back to mid-January.
The security flaw was discovered after Marriot identified an abnormal number of access to guest information from only two accounts of its employees. The two profiles were therefore disabled and the company started investigating the accident.
Personal data stolen, but not credit card numbers
Marriot said there was "no reason to believe" that payment information had been stolen, but warned that names, addresses, telephone numbers, loyalty card numbers, dates of birth and other travel information (such as airline miles and room preferences) may have been stolen. Although there is no direct risk to the financial security of the customers involved, all the stolen information is for useful in implementing identity theft attempts, whose potential consequences could be just as serious.
As of yesterday, Marriott began contacting guests who may be involved in their efforts by sending them an email. Customers can also find online a resource dedicated to the accident, which in addition to indicating the number of a call center that can provide further information, also makes it possible to request a information monitoring service to avoid the risk of their unauthorized use.
In 2018 Starwood, a subsidiary of Marriot, had made known the compromise of the booking system, which had led to the exposure of the personal data of 383 million customersincluding five million passport numbers and eight million credit card numbers. The incident had triggered a harsh response from the European authorities with a $ 123 million penalty.
