Marriott Was Hacked -- Again

2020-04-02T16:33:42
ID SCHNEIER:EE8A8EF2CCC9B23B4C603AE3D17A2315
Type schneier
Reporter Bruce Schneier
Modified 2020-04-02T16:33:42

Description

Marriott announced another data breach, this one affecting 5.2 million people:

> At this point, we believe that the following information may have been involved, although not all of this information was present for every guest involved: > > * Contact Details (e.g., name, mailing address, email address, and phone number) > * Loyalty Account Information (e.g., account number and points balance, but not passwords) > * Additional Personal Details (e.g., company, gender, and birthday day and month) > * Partnerships and Affiliations (e.g., linked airline loyalty programs and numbers) > * Preferences (e.g., stay/room preferences and language preference)

This isn't nearly as bad as the 2014 Marriott breach -- made public in 2018 -- which was the work of the Chinese government. But it does call into question whether Marriott is taking security seriously at all. It would be nice if there were a government regulatory body that could investigate and hold the company accountable.