Marriott International has been involved in a second massive data breach, with records from 5.2 million customers potentially compromised.
Hotel guests’ names, loyalty account information and other personal details may have been accessed, the company said.
The information taken may also have included names, addresses, phone numbers, birthdays, loyalty information for linked companies like airlines and even room preferences.
However, the company said it does not believe credit card information or passport numbers have been leaked.
Marriott said it noticed an unexpected amount of guest information was accessed at the end of February using the login credentials of two employees at a franchised property.
The company added it believes the activity began in mid-January, adding it had since disabled those logins and is assisting authorities in their investigation.
Marriott has 7,300 hotel and resort properties across 134 countries, including the Ritz-Carlton, Sheraton and Westin chains.
The company said it carries insurance, including cyber insurance, commensurate with its size and the nature of its operations, and the company is working with its insurers to assess coverage.
In what is sure to be a relief to guess, the company said it does not currently believe that its total costs related to this incident will be “significant”.
In November 2018, Marriott announced a massive data breach in which hackers accessed information on as many as 383 million guests.
In that case, Marriott said unencrypted passport numbers for at least five million guests were accessed, as well as credit card information for 8.6 million guests.
The affected hotel brands were operated by Starwood before it was acquired by Marriott in 2016.