DELBO ANDREA/Shutterstock

Marriott data breach involves 5.2 million hotel guests

This marks the company’s second major data security incident since November 2018


Marriott announced on March 31 that an application its hotels use to provide guest services has been compromised, exposing approximately 5.2 million guests’ personal information. The company doesn’t believe any payment card information was stolen.

The content on this page is accurate as of the posting date; however, some of our partner offers may have expired. Please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.

More than 5.2 million Marriott guests’ information was compromised in an application its hotels use to provide guest services – the company’s second major data breach since November 2018.

The company announced on March 31 that if you stayed at a Marriott hotel between mid-January 2020 and the end of February 2020, your information might be at risk. The company thinks the application “may have been accessed using the login credentials of two employees at a franchise property.”

If you’re concerned that your information might have been compromised, you can use Marriott’s online tool to see if you’ve been affected.

See related: Identity theft in 2020: What you need to know about common techniques

Compromised data may include contact and personal details

On its website, Marriott listed the information that might have been compromised, noting that not every guest had provided all of following data.

The breached data may include:

  • Contact details, such as your name, address and phone number
  • Loyalty account number and points balance
  • Personal details, such as your gender, birthday and company
  • Linked airline loyalty programs and numbers
  • Preferences regarding stays and language

Marriott also said it has no reason to believe guests’ payment card information, account passwords, passport information, IDs or driver’s license numbers were compromised.

See related: As data breaches increase, here’s how to cut your identity fraud risk

How Marriott is responding 

When Marriott discovered the breach, it disabled the two employees’ login credentials and launched an investigation, notifying the authorities.

Marriott also set up resources for guests to gain information regarding their accounts, in addition to notifying guests about the breach via email on March 31.

Guests can use the company’s self-service portal to find out if they have been affected and a dedicated call center open from 8 a.m. to 8 p.m. EDT, Monday through Friday. U.S. customers can call (800) 598-9655.

See related: Coronavirus: Can credit card travel insurance help?

What to do if you think your information was compromised

Check your credit card statements for any unauthorized activity. If you discover a fraudulent charge, contact your card issuer immediately and consider freezing your credit so your credit report cannot be accessed.

Cardholders are not typically responsible for this type of activity, but you must report it as soon as possible.

In addition, consider enrolling in Experian’s personal information monitoring service IdentityWorks, which is free for one year compliments of Marriott, if you sign up by June 30, 2020.

Editorial Disclaimer

The editorial content on this page is based solely on the objective assessment of our writers and is not driven by advertising dollars. It has not been provided or commissioned by the credit card issuers. However, we may receive compensation when you click on links to products from our partners.

Credit Card Rate Report
Cash Back

Questions or comments?

Contact us

Editorial corrections policies

Learn more