On top of everything we have to worry about these uncertain days, if you stayed at a Marriott brand hotel or resort recently, you should be worrying about identity theft and other personal security issues.
There’s been a massive security breach – since I stayed at one recently, I am personally at risk. Maybe you, too.
Marriott does not identify the hotel or resort or brand name, but the breach is through the Marriott Bonvoy loyalty program, which links your credit card information, name and address, US Passport information, driver’s license, employer’s name and other important personal data.
This is serious stuff.
And it reminds us all to check credit card and bank statements regularly for indications of fraudulent charges or withdrawals.
This security breach was announced in March 2020,
when this article was published.
Marriott has 32 brands, and you may have stayed at one of them even if it was not named Marriott.
- AC Hotels
- Aloft Hotels
- Autograph Collection Hotels
- Bulgari Hotels
- Courtyard by Marriott
- Design Hotels
- Fairfield Inn & Suites
- Four Points
- Gaylord Hotels
- Homes & Villas by Marriott International
- JW Marriott
- Le MERIDIEN
- Marriott Executive Apartments
- Marriott Hotels
- Marriott Vacation Club
- Moxy Hotels
- Protea Hotels
- Renaissance Hotels
- Residence Inn
- Ritz-Carlton Reserve
- Springhill Suites by Marriott
- St. Regis
- The Luxury Collection
- TownePlace Suites
- Tribute Portfolio
- W Hotels
Since I stayed recently at a Marriott brand location, this is what the company sent me by email:
We are writing to let you know that some of your information may have been accessed without authorization.
We are sorry that this occurred, and this message explains what happened, how we can assist you, and steps you can take.
Hotels operated and franchised under Marriott’s brands use an application to help provide services to guests at hotels.
At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property.
We believe this activity started in mid-January 2020.
Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests.
Your information was among the information that appears to have been accessed.
Although Marriott’s investigation is ongoing, we currently have no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.
At this point, we believe that the following information may have been involved, although not all of this information was present for every guest involved:
|●||contact details (e.g., name, mailing address, email address, and phone number)|
|●||loyalty account information (e.g., account number and points balance, but not passwords)|
|●||additional personal details (e.g., company, gender, and birthday day and month)|
|●||partnerships and affiliations (e.g., linked airline loyalty programs and numbers)|
|●||preferences (e.g., stay/room preferences and language preference)|
We have set up a dedicated website (www.mysupport.marriott.com) where you can find more information.
We have also established dedicated call center resources, which can be reached by calling the numbers below.
The call center resources will be staffed during ordinary business hours in the United States, 8:00am-8:00pm EDT Monday through Friday. Language support will be provided in English and French, and additional translation services will be available upon request.
Where available, Marriott is offering guests involved the option to enroll in IdentityWorks, a personal information monitoring service, free of charge for 1 year.
This service will be provided by Experian, a global data and information services provider.
This is an optional service that allows you to identify information that you would like to have the service monitor; how much information to include in the monitoring is completely up to you.
Any information that you provide to Experian will only be used by Experian for the sole purpose of the monitoring service.
Due to regulatory and other reasons, IdentityWorks or similar products are not available in all countries/regions.
IdentityWorks is currently available in Australia, Brazil, Canada, Germany, Hong Kong, India, Ireland, Italy, Mexico, New Zealand, Poland, Singapore, Spain, the United Kingdom, and the United States.
Language support for online enrollment is available in English, French, French Canadian, German, Italian, Portuguese, and Spanish.
|○||To use IdentityWorks to start monitoring your personal information please follow the steps below:|
|◾||Ensure that you enroll by June 30, 2020 (your code will not work after this date.)|
|◾||Visit the Experian IdentityWorks website to enroll:|
|◾||Provide your activation code:|
|•||US Residents: 2CZM8QXV6|
|•||Non-US Residents: 3F23BXQ3X|
|●||If you are a Marriott Bonvoy member:|
|○||Even though we currently have no reason to believe that passwords were involved in the incident, we have disabled your existing Marriott Bonvoy password, so when you log in to your Marriott Bonvoy account at Marriott.com, you will be prompted to change your password.|
|○||You will also be prompted to enable multi-factor authentication to further protect access to your account.|
|●||We have notified relevant authorities and are supporting their investigations.|