Marriott data breach: What to know and how to protect your data

Paul Squire

Marriott says customers’ names, addresses, phone numbers, and other personal details were accessed in a large data breach — the second to hit the hotel chain in less than two years.

In a statement Tuesday, Marriott announced that the information was accessed using the login credentials of two employees at a franchise property at the end of February. Among the stolen data could be:

  • Contact information such as names, mailing addresses, email addresses, and phone numbers
  • Loyalty account information
  • Personal details like gender and the day and month of customers’ birthdays.
  • Linked loyalty program affiliations
  • User preferences

Marriott said not all of that information was exposed for every guest and that credit card data, passport information, and passwords were not accessed.

Getty Images

The hotel chain has sent emails to guests who were affected by the breach, adding that up to 5.2 million customers may have been affected.

Marriott has also set up a website for customers to check to see if their data was exposed.

So what can you do to protect your information? Here are a few steps you can take:

First, Check Marriott’s dedicated website to see if your data was affected and if so, what data was exposed.

If your information was accessed, Marriott is offering access to personal information monitoring service IdentityWorks for one year for free. IdentityWorks is run by Experian and allows you to identify information that you would like to have the service monitor.

Customers have until June 30, 2020 to enroll. U.S. residents can enroll on the Experian IdentityWorks website using the activation code sent in the email from Marriott. Non-U.S. residents can sign up using a separate site.

Customers can contact a call center set up by Marriott for further details. The U.S. hotline can be reached at 1-800-598-9655 from 8 a.m. to 8 p.m. EST, Monday through Friday.

This marks the second major data breach for Marriott in recent years. A data breach possibly dating back to 2014 targeted a guest reservation system operated by Starwood, a hotel and leisure company that Marriott acquired in 2016. The breach was only discovered in 2018 and may have affected 339 million guests globally.