Hotel chain Marriott International announced Tuesday that a data breach had compromised the personal information of about 5.2 million guests, the company's second major breach in as many years.
The latest breach involves names, birthdays, emails, phone numbers and Marriott account numbers, though the company said not all of those personal details were compromised for every guest.
Marriott said it discovered the breach at the end of February, and believes the data was accessed through the login credentials of two employees beginning in mid-January. The credentials were later disabled and the authorities alerted.
“Although Marriott’s investigation is ongoing, the company currently has no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers,” the company said in a statement.
Notices will start to be sent to all affected guests starting Tuesday, Marriott said, adding that there's a website and call center to allow customers to access more information on the breach and next steps.
The hotel chain's previous breach stemmed from a hack of its Starwood guest reservation database in 2018 that exposed the personal information of at least 383 million customers, including passport numbers.
Investigators concluded that Chinese hackers were behind the breach and that it was part of an effort by China to build out a database that includes names and information of U.S. government officials.
The new breach comes on the heels of Marriott International announcing it would begin furloughing employees due to the coronavirus pandemic. The company has around 130,000 employees in the United States.