Millions of Guests Impacted in Marriott Data Breach, Again:
For the second time in two years, the Marriott hotel empire has suffered a major data breach. This time, approximately 5.2 million guests have been affected.
The attack was carried out via third-party software that Marriott's hotel properties use to provide guest services, according to an online notice that Marriott posted on Tuesday. The cybercriminals were able to obtain the login credentials for this system used by two employees at a franchise property; from there, they were able to access a raft of guest information.
The stolen bounty includes everything cybercrooks would need to mount convincing spear-phishing campaigns: Full contact details (names, mailing addresses, email addresses and phone numbers); other personal data like company, gender and birthdays; Marriott's "Bonvoy" loyalty program account numbers and points balances (but not passwords or PINs); linked airline loyalty programs and numbers; and Marriott preferences such as stay/room preferences and language preferences.
Marriott said that the unauthorized access likely started in mid-January and continued for about a month and a half. Upon the hack's discovery at the end of February, the hotel chain disabled the compromised logins and started an investigation. It began notifying affected guests this week.
No payment card information, passport information, national IDs or driver's license numbers were caught up in the breach, according to the notice.
Marriott discloses new data breach impacting 5.2 million guests:
Marriott International said Tuesday that names, mailing addresses, loyalty account numbers and other personal information of an estimated 5.2 million guests may've been exposed in a data breach. This is the second major security incident to hit the hotel group in less than two years.
Marriott said it spotted that an "unexpected amount" of guest information may've been accessed at the end of February using the login credentials of two employees at a franchise property. The hotel group said information exposed may include names, addresses, emails, phone numbers and birthdays as well as loyalty account details and information like room preferences.
Marriott said the investigation is ongoing but that it doesn't believe credit card numbers, passport information or driver's license numbers were exposed.
[...] The company is sending emails to guests impacted by this latest breach and offering a year of free personal information monitoring.
Read More: Equifax, MGM Resorts and beyond: Every major security breach and data hack
(Score: 2) by TheRaven on Friday April 03 2020, @09:08AM
sudo mod me up