Marriott Loyalty App Data Breached

Forum Moderators: open

Message Too Old, No Replies

Marriott Loyalty App Data Breached

engine

3:12 pm on Apr 1, 2020 (gmt 0)

The hotel chain, Marriott, has reported a data breach of 5.2 million guests using its loyalty app.

The hotel chain said that the intruder(s) had direct access to Marriott Bonvoy loyalty data such as:

Contact details (e.g., name, mailing address, email address, and phone number)
Loyalty Account Information (e.g., account number and points balance, but not passwords)
Additional Personal Details (e.g., company, gender, and birthday day and month)
Partnerships and Affiliations (e.g., linked airline loyalty programs and numbers)
Preferences (e.g., stay/room preferences and language preference)

[zdnet.com...]

I had one of those loyalty schemes there, but it's old and i've not used it for quite a while.

lammert

4:12 pm on Apr 1, 2020 (gmt 0)

It is not only the news that a hacker gained access to client information, which is hardly any news anymore. But the way the hacker was able to access the data is through the accounts of employees of a franchise. That indicates that not only Marriot itself, but also their franchisers have access to a full data download of their clients. I can imagine that you allow franchisers to access the data of guests on a one-by-one base, but giving franchisers access to the full bunch of data is IMHO a data breach by itself, or at least an example of really bad data security structure planning.