The personal information of at least 5.2 million Marriott customers has been hacked, the company said. It’s the second major data breach for the company in less than two years and comes at a time when Marriottt has been shuttering hotels and laying off workers because of the coronavirus. Marriott said on its website that names, email addresses, mailing addresses, phone numbers and loyalty program information for linked companies, such as airlines, may have been affected.
It said identification and passport numbers, account passwords and credit card information were probably not affected, but an investigation is ongoing. The company first realized the breach in February, it said, and the hackers’ actions are believed to have started in the middle of January. It would only say the hackers apparently used login credentials from two employees to crack into the system.
The company sent an email to affected consumers, saying it would set up a portal for customers to see if their data was stolen. Mariott is offering those customers a year of free credit monitoring. If you were affected by the breach, there are several steps you should take even though the company hasn’t confirmed which data was accessed.
The following advisories have been issued:
• Take advantage of the free credit monitoring.
• Consider putting a security freeze on your credit reports to stop scammers from opening new credit in your name. When you need access to credit in the future, you can authorize the credit bureaus to unlock, or “thaw,” your reports. Another option is to put a fraud alert on your credit reports to make it harder for someone to open new credit in your name.
• Keep an eye on your credit reports for any unusual activity. You can do that once a year for free through AnnualCreditReport.com. Scammers sometimes hold onto information for years before they use it, so make sure you check at least annually.
• Watch out for fake emails and phone calls about the data breach from anyone claiming to represent Marriott. Marriott said it’s notifications will come from Mariott@email-Mariott.com. It’s common for scammers to capitalize on news of a hack, and they may impersonate a Mariottt employee and ask for your personal information. If you’re not sure about any links in an email, don’t click and instead go to the Marriott website to find the information.
