On March 31st, Marriott International notified more than 5 million guests that their personal information was compromised due to a vulnerability in the company’s app. According to the Marriott, information was accessed from mid-January through the end of February through two employees’ login credentials (passwords!), both of which were disabled upon discovery of the incident.
What this means for Marriott customers
What we know thus far is that the following information was compromised:
- Phone numbers
- Mailing addresses
- Loyalty account information
- Personal details
- Linked loyalty programs
- Room preferences
Marriott is still investigating, but does not believe Marriott Bonvoy passwords, credit card information, passport information, or driver’s license numbers were accessed. That said, if you have a Bonvoy password, it’s worth taking a minute to change it.
If you’re a Dashlane user signed up for Dark Web Monitoring, you’ll receive a security alert to notify you if your password needs to be changed, and you can update your password easily by using our Password Generator.
For those whose information was compromised, there unfortunately isn’t much additional action to take, other than to stay tuned for more updates from the company. Marriott has set up a portal for guests to get more information.
During previous corporate data breaches such as Equifax’s in 2017, numerous malicious actors created fake support and settlement websites to trick customers into giving away even more personal information. It’s important to only enter personal information into websites you recognize and trust.
What this means for businesses
Corporate security protocols and tools are only effective if your employees put them into practice. Nearly 75% of all corporate data breaches are the result of employees reusing passwords on personal and professional accounts, so it’s far more likely this breach is a byproduct of poor password hygiene than rogue employees. However, honest mistake or not, the consequences for businesses such as Marriott remain the same.
If this all sounds familiar, it’s because Marriott is less than a year removed from a more than $120M GDPR fine for a previous data breach, in which 500 million guests’ personal information was accessed over 3+ years (you can read more about that breach below). Depending on the location of customers affected by this breach, local regulators may hand out additional fines.
Customers are also taking note of what businesses they can trust. In a 2018 IBM study, 75% of global respondents said they would not buy from a company if they didn’t trust the company’s ability to protect their data.
With corporate security tools such as password managers and single sign-on, companies dramatically reduce their risk of similar scenarios. Instead of implementing a company-wide password management strategy, Marriott is likely facing millions of dollars’ worth of regulatory and reputational costs.
______
For non-Dashlane users, we’re waiving the first 3 months of Dashlane Premium for those who need Dashlane’s password manager and password sharing.
We’re also currently offering businesses a 3-month, no-cost trial of Dashlane Business for an unlimited number of employees.
Looking for more info?
Visit our online safety hub for the latest breach report and a complete guide to staying secure on the internet.
