SoylentNews is people
SoylentNews
Millions of Guests Impacted in Marriott Data Breach, Again
Millions of Guests Impacted in Marriott Data Breach, Again:
For the second time in two years, the Marriott hotel empire has suffered a major data breach. This time, approximately 5.2 million guests have been affected.
The attack was carried out via third-party software that Marriott's hotel properties use to provide guest services, according to an online notice that Marriott posted on Tuesday. The cybercriminals were able to obtain the login credentials for this system used by two employees at a franchise property; from there, they were able to access a raft of guest information.
The stolen bounty includes everything cybercrooks would need to mount convincing spear-phishing campaigns: Full contact details (names, mailing addresses, email addresses and phone numbers); other personal data like company, gender and birthdays; Marriott's "Bonvoy" loyalty program account numbers and points balances (but not passwords or PINs); linked airline loyalty programs and numbers; and Marriott preferences such as stay/room preferences and language preferences.
Marriott said that the unauthorized access likely started in mid-January and continued for about a month and a half. Upon the hack's discovery at the end of February, the hotel chain disabled the compromised logins and started an investigation. It began notifying affected guests this week.
No payment card information, passport information, national IDs or driver's license numbers were caught up in the breach, according to the notice.
Marriott Discloses New Data Breach Impacting 5.2 Million Guests
Marriott discloses new data breach impacting 5.2 million guests:
Marriott International said Tuesday that names, mailing addresses, loyalty account numbers and other personal information of an estimated 5.2 million guests may've been exposed in a data breach. This is the second major security incident to hit the hotel group in less than two years.
Marriott said it spotted that an "unexpected amount" of guest information may've been accessed at the end of February using the login credentials of two employees at a franchise property. The hotel group said information exposed may include names, addresses, emails, phone numbers and birthdays as well as loyalty account details and information like room preferences.
Marriott said the investigation is ongoing but that it doesn't believe credit card numbers, passport information or driver's license numbers were exposed.
[...] The company is sending emails to guests impacted by this latest breach and offering a year of free personal information monitoring.
Read More: Equifax, MGM Resorts and beyond: Every major security breach and data hack
(Score: 2) by dwilson on Thursday April 02 2020, @04:00PM (2 children)
Heck, that's minor. I've never in my adult life been in one that allowed check-in without providing ID -and- a credit-card for them to keep on-file, 'just in case', regardless of how you intend to pay. Even for rooms booked by and pre-paid by another company on my behalf, they still demand my credit card.
Given the choice, I'd give them ID if it meant they didn't get to copy my credit card to share with the world at their next big security fuck-up.
- D
(Score: 0) by Anonymous Coward on Thursday April 02 2020, @04:23PM (1 child)
You don't have fake credentials? Never travel without them!
(Score: 0) by Anonymous Coward on Sunday April 05 2020, @04:15AM
Good luck. There are companies that offer a service that verifies credentials in minutes.
When I signed up with an ISP they *really* wanted my DOB ... and I wanted why. Now I know. They want to ping my credit report and verify my ID. It's getting to the point that you can't sign up to an ISP without ID verification. You certainly can't get a mobile phone in Australia without 100 points of ID - a scan of your driver's licence, medicare card and a credit card.
So good luck with that fake ID. It won't be long until they require a driver's licence and your credit card has a photo on it that it stored by Visa shown to the clerk.