Hotel chain Marriott disclosed today a security breach that impacted more than 5.2 million hotel guests who used the company's loyalty app.
According to a breach notification posted on its website, the hotel chain learned of the security breach at the end of February, when it discovered that a hacker had used the login credentials of two employees from one of its franchise properties to access customer information from the app's backend systems.
Marriot says the hack dated back to mid-January but did not disclose additional details about how it happened.
The hotel chain said that the intruder(s) had direct access to Marriott Bonvoy loyalty data such as:
Loyalty Account Information (e.g., account number and points balance, but not passwords)
Additional Personal Details (e.g., company, gender, and birthday day and month)
Partnerships and Affiliations (e.g., linked airline loyalty programs and numbers)
Preferences (e.g., stay/room preferences and language preference)
The hotel said that at this moment in the investigation, it did not believe that the hacker did not gain access to account passwords, account PINs, payment card information, passport information, national IDs, or driver's license numbers.
Marriott launched a web portal where the app's users can check if they're one of the 5.2 million users impacted by the security breach, and what data the hacker might have accessed.