Skip to Content
© Wisky | Dreamstime.com
Security & privacy

5.2 million users exposed in massive data breach

Even in the midst of a global pandemic, cybercriminals are going to cybercriminal. You’d hope drastic situations like the coronavirus outbreak would bring out the best in people but sadly, that’s not the case.

We’ve already seen tons of COVID-19 related scams spreading. Tap or click here for ways to avoid falling victim.

Now, we just found out about a more traditional cyberattack. Millions of people had their personal information exposed in a massive data breach at a popular hotel chain.

Has your private data been stolen?

Marriott International announced this week that it was hit with a huge data breach. The company has a history of breaches like this, with one impacting hundreds of millions of guests a little over a year ago. Tap or click here for the details.

Here’s what happened in the most recent incident. At the end of February 2020, Marriott noticed an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property.

The company said it believes this activity began in mid-January this year and it disabled the stolen credentials immediately. But not before up to 5.2 million guests’ private information was exposed.

What information was accessed?

According to Marriott, the following information may have been accessed by cybercriminals:

  • Contact details – This includes name, mailing address, email address and phone number.
  • Loyalty Account number – Account numbers and points balances were accessed but not passwords.
  • Additional personal information – This could include the company you work for, gender, birthday day and month.
  • Partnerships and Affiliations – Linked airline loyalty programs and numbers.
  • Preferences – Stay/room preferences and language preferences.

At this time, Marriott says payment information was not part of the breach. Also, Marriott’s loyalty program, Marriott Bonvoy, account passwords and PINs were not impacted.

The company sent emails this week to notify guests who were involved in the breach. If you didn’t receive one but think you may be impacted, there is a way to find out.

Marriott created a self-service online portal you can use to see if your information was included in the incident. It also has a list of what information was exposed. Just enter your name, email, country/region and hit submit.

You’ll be sent a confirmation email from this email address: [email protected] Click on the link within the message and Marriott will start your request. Once your results are in, Marriott will contact you with details. You can also call a dedicated call center for guests to get more information at 800-598-9655.

You may also like: 5 apps to make managing stress and anxiety easier right now

That phone number is for people in the U.S. and Canada, and the call center is available Monday through Friday from 8 a.m. to 8 p.m. Eastern.

How to protect your information

With all data breaches, there are certain security steps you should take to make sure you’re protected. This Marriott breach is no different. Here are some helpful suggestions:

Protect your identity

If a criminal gets their hands on personal information like what was exposed in this data breach, one thing they can do is steal your identity. With a little more research, crooks can open credit lines in your name, take out personal loans and more.

That’s why it’s important to enroll with a monitoring service you can trust. We recommend IdentityGuard. Get up to 33% off for Kim’s audience only, with plans starting at less than $7 a month at IdentityGuard.com/Kim.

Keep an eye on your bank accounts

You should also regularly check your bank accounts and credit card statements. Watch for any suspicious activity and if you find anything unusual, report it to your financial institution immediately.

Change your passwords

Marriott claims passwords were not exposed in this breach but it’s always better to be safe than sorry. Change passwords ASAP for all of your online accounts and make sure to have unique ones for each. Tap or click here for help in creating strong passwords.

Freeze your credit

A credit freeze can prevent an identity thief from opening financial accounts in your name. It will also help you monitor credit report activity or fraud that you may have otherwise missed. Tap or click here to find out how to set up a credit freeze.

Use 2FA where available

Data breaches like this one show just how important it is to have more than one way to verify it’s you logging into your online accounts. Two-factor authentication (2FA) should be used whenever it’s available. Tap or click here for details on setting up 2FA.

Beware of phishing scams

If anyone calls or otherwise contacts you purporting to be from Marriott or a Marriott brand hotel, do not provide sensitive information like credit/debit card numbers, bank account details, online account data or passwords.

Marriott wants everyone to know it will never call or email you to ask for this information by phone or email.

This breach happened recently, so there’s no time to waste in implementing these security procedures. We’ll also let you know if there are any major updates to this security incident. The best way to stay on top of events likes these is to sign up for Kim’s free Alerts newsletter.

Stop robocalls for good with Kim’s new eBook

Robocalls interrupt us constantly and scam Americans out of millions of dollars every year. Learn Kim's best tricks for stopping annoying robocalls in this handy guide.

Get the eBook