Marriott Discloses New Data Breach Impacting 5.2 Million Guests
upstart writes in with an IRC submission for Bytram:
Millions of Guests Impacted in Marriott Data Breach, Again:
For the second time in two years, the Marriott hotel empire has suffered a major data breach. This time, approximately 5.2 million guests have been affected.
The attack was carried out via third-party software that Marriott's hotel properties use to provide guest services, according to an online notice that Marriott posted on Tuesday. The cybercriminals were able to obtain the login credentials for this system used by two employees at a franchise property; from there, they were able to access a raft of guest information.
The stolen bounty includes everything cybercrooks would need to mount convincing spear-phishing campaigns: Full contact details (names, mailing addresses, email addresses and phone numbers); other personal data like company, gender and birthdays; Marriott's "Bonvoy" loyalty program account numbers and points balances (but not passwords or PINs); linked airline loyalty programs and numbers; and Marriott preferences such as stay/room preferences and language preferences.
Marriott said that the unauthorized access likely started in mid-January and continued for about a month and a half. Upon the hack's discovery at the end of February, the hotel chain disabled the compromised logins and started an investigation. It began notifying affected guests this week.
No payment card information, passport information, national IDs or driver's license numbers were caught up in the breach, according to the notice.
Read more of this story at SoylentNews.