It seems like Marriott’s Chief Information Officer can’t get anything done right lately and every time Marriott announces something, it’s bad news. Back in 2018, Marriott suffered a massive data breach where personal identifying information belonging to over 500 million customers was compromised. That was a huge learning lesson for Marriott and you figure they would have put some serious security measures in place to prevent future compromises. But I’m guessing not as less than two years later, Marriott just announced another data breach where personal identifying information belonging to another 5.2 million customers was compromised.
5.2 million doesn’t seem as egregious as 500 million but if you have ever been a victim of identity theft, you know it’s not a fun process to go through and clean up your credit. This data breach occurred from mid-January 2020 to the end of February 2020 after login credentials belonging to two franchise employees were accessed. Marriott did not disclose how the login credentials were accessed or from which franchise location(s) they worked at.
The data compromised includes:
- Guest information including names, physical addresses, email addresses, phone numbers, dates of birth, company and employer information, gender and personal preferences such as preferred language, room types, etc.
- Marriott Bonvoy account information including account numbers and points balances but fortunately, no passwords or credit card information were compromised.
- Guest partnerships and affiliations with other loyalty accounts including linked airline frequent flier numbers.
How and why do franchise employees have this much access to our personal data??!! Do they need all this??
If your data was compromised, Marriott should have sent you an email notifying you of the data breach and an offer to sign up for free credit monitoring. Make sure to double-check your spam email folder if you haven’t received anything from Marriott. The affected customers will receive one year of Experian IdentityWorks credit monitoring for free. Of all the products offered by Experian, this is actually one of the least beneficial ones as it doesn’t even offer the ability to lock or unlock your Experian credit profile. Needless to say, you should probably change your Marriott account password, enable two-factor authentication, and make sure it’s not the same password belonging to your other email or loyalty accounts.
If you are affected, you must enroll for Experian IdentityWorks by June 30, 2020. There is an activation code provided in your Marriott notification email.