International hotel chain Marriott has suffered another major data breach affecting millions of customers.
In an announcement posted on the company's website, Marriott confessed that roughly 5.2 million people have had their data accessed by an unknown third party.
The breach occurred in mid-January this year and lasted until it was discovered earlier this week.
The company says that while customer contact info was taken – more detailed information, including payment data, is safe. Phone numbers, email addresses and physical addresses were accessed, but details such as credit card information, account passwords or PIN numbers, passport information, ID numbers or driver's license numbers weren’t accessed.
Marriott says that once it discovered the breach, the company “implemented heightened monitoring” and kicked off an investigation. It says it has contacted the impacted customers earlier this week, and that all Marriott Bonvoy members affected have had their account passwords disabled and should change them now.
Allegedly, whoever is behind the data breach used the login credentials of two employees at a franchise property to access the data.
This is not the first time Marriott has had trouble securing its customer data. Back in 2018, its chain Startwood was breached and personal information of more than 300 million was taken. China was accused, with the media arguing that the evidence pointed towards the country’s Ministry of State Security. The company was fined roughly $124 million for the breach.