Marriott International has announced that it may have been hit by a second data breach affecting up to 5.2 million guests.
The hotel group announced in November 2018 that its Starwood database had been hacked over a four-year period with the information of around 500 million guests compromised.
Marriott has now said that, at the end of February 2020, guest information may have been accessed using the login credentials of two employees at a franchise property. The company believes that this activity started in mid-January 2020.
On discovery, the logins were disabled, the company immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests. Marriott also notified relevant authorities and is supporting their investigations.
Although Marriott's investigation is ongoing, the company has no reason to believe that the information involved included payment card information, passport information, national IDs, or driver's licence numbers, although it is believed the information could include names, addresses, email addresses and phone numbers.
Marriott is sending emails to guests involved today and has set up a dedicated website and call centre resources with additional information for guests.