For Marriott Hotels, Lightning Does Strike Twice In New Data Breach Affecting 5.2 Million

Published on March 31, 2020

Well, folks, it’s happened again. Contrary to the very naive and ignorant belief that “lightning doesn’t strike twice”, it sadly does when it comes to cyber-security and data privacy. Two years after the November 2018 data breach that Marriott disclosed, affecting approximately 339 million guests, the hotel chain announced on its website on Tuesday that it has happened again.

If you’ll remember, back in November 2018, Marriott discovered that black-hatters had gained unauthorized access to the hotel’s Starwood network and had held that access since as early as 2014.

With Tuesday’s announced breach, 5.2 million more guests now have something to worry about. The incident was published on the hotel chain’s website on Tuesday, notifying consumers that it had spotted unusual activity in an app that guests regularly use to access services during their stay with Marriott Hotels.

What Happened This Time?

In a company statement, Marriott explained that:

“At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. We believe this activity started in mid-January 2020.”

Marriott confirmed that the login credentials were immediately disabled, and that soon thereafter it began its investigation, implemented heightened monitoring, and arranged resources to help inform and assist guests.

“Internal and external security teams have been working hard to investigate the incident, implement additional security measures, and address what was found”, the company went on to explain in its statement.

What Was Taken?

From Marriott’s initial disclosure, the information taken included guest contact information, loyalty account information, and additional personally sensitive information such as gender and date of birth.

“We believe that the following information may have been involved, although not all of this information was present for every guest involved.”

  • Contact details (e.g., name, mailing address, email address, and phone number)
  • Loyalty Account Information (e.g., account number and points balance, but not passwords)
  • Additional Personal Details (e.g., company, gender, and birthday day and month)
  • Partnerships and Affiliations (e.g., linked airline loyalty programs and numbers)
  • Preferences (e.g., stay/room preferences and language preference)

In response to this breach, Marriott will be emailing guests with information about steps they can take, including enrolling in the IdentityWorks online information monitoring service, provided by the credit bureau Experian, free of charge for one year.

“We want you to be confident that the email notification you receive is from Marriott. The email was sent from [email protected] because this is the standard email account used to communicate with our guests.”

We also want you to be aware that when other companies have provided notifications like this, ill-intentioned people used the opportunity to try to trick individuals into providing information about themselves through the use of links to fake websites (phishing) or by impersonating someone they trust (social engineering). Please note that the email you may receive from us will not contain any attachments or request any information from you.

For now, the hotel chain has advised Marriott Bonvoy account holders to change account passwords and to monitor their accounts for suspicious activity.

And yes, lightning does strike twice. It’s not if a breach happens…it’s when.

Andrew "Drew" Rossow is a former contract editor at Grit Daily.
