The personal information of approximately 5.2 million guests may have been exposed in a data breach at Marriott International early in 2020, the company said Tuesday.
Guest information may have been accessed between mid-January and the end of February using the login credentials of two employees at a franchise property.
Upon discovery, the login credentials of those two employees were disabled. Marriott immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests, an announcement from the hospitality provider said. The company also notified authorities.
The information exposed in the breach may include names, addresses, emails, phone numbers, employer, birthday, gender, loyalty account details, and information like room and language. preferences.
Payment card information, passport information, national IDs, or driver’s license numbers are not believed to be exposed.
The company doesn’t believe the costs related to the incident will be significant, the announcement said, though it carries insurance that includes cyber insurance.
Marriott is sending emails to guests involved. In response to a request for comment, a company spokesperson referred NJBIZ to Marriott’s website.