Marriott discloses second security breach in 16 months

Media Contacts

Greater corporate responsibility needed to protect consumers from cyber breaches


WASHINGTON — Marriott, the world’s largest hotel chain in terms of guest rooms, disclosed Tuesday that up to 5.2 million customers were impacted by a security breach related to the company’s loyalty app. This is the second major breach of Marriott’s guest data in less than a year and half. The previous breach in November 2018 affected approximately 383 million guests.

In response, Ed Mierzwinski, U.S. PIRG’s senior director for federal consumer programs, issued the following statement:

“Marriott says it doesn’t believe that credit card numbers were taken in the latest breach exposing the personal data of up to 5.2 million customers. So what? Consumers are not accountable for existing account credit card fraud, their banks are. Nevertheless, consumers should still be on guard. 

“What Marriott is calling a “property system incident” makes excellent bait for spear phishers seeking to exploit personal information to target employees at specific companies or government agencies. Marriott guests should be wary of emails or phone calls appearing to be from Marriott or other legitimate sources, based on the large amount of personal details — including birth dates, number of loyalty points and cell phone and email addresses — that Marriott admits may have been taken in the heist.

“This second reported Marriott breach in 16 months, although much smaller than the first, (which Trump administration officials told the New York Times was pulled off by Chinese hackers), points out the need for strong laws allowing consumers to hold companies accountable for privacy harms. For more information on what consumers can do to protect themselves, see U.S. PIRG’s privacy and identity theft tips.”