Marriott Data Breached Again: Personal Information From Over 5 Million More Accounts Compromised

After disclosing one of the biggest data breaches in history at the end of 2018, Marriott is sharing another data breach.

Last time Marriott negligence exposed customer passport and credit card details. My passport and credit card details were included. The U.K. proposed a $123 million GDPR fine.

Just to show that bad publicity, degraded customer trust, and massive fines alone can’t put Marriott on the straight and narrow, it turns out that this year details of 5.2 million guests were obtained using employee login credentials from a franchise property.

Compromised information may involve contact details, including postal and email addresses and phone numbers; information relating to customer loyalty accounts, but not passwords; personal details such as employers, gender and birth dates; partnerships and affiliations, such as details of linked airline loyalty programmes; and guest preferences, such as room preferences and languages.

Marriott says customers are being notified today if they were among those whose details were compromised (again). You can request information on whether you were a part of this. These members have had their Marriott Bonvoy accounts locked. So, doubly inconvenienced, because dealing with Marriott IT or customer service is probably worse than getting hacked.

About Gary Leff

Gary Leff is one of the foremost experts in the field of miles, points, and frequent business travel - a topic he has covered since 2002. Co-founder of frequent flyer community, emcee of the Freddie Awards, and named one of the "World's Top Travel Experts" by Conde' Nast Traveler (2010-Present) Gary has been a guest on most major news media, profiled in several top print publications, and published broadly on the topic of consumer loyalty. More About Gary »

More articles by Gary Leff »


  1. Marriott is slowly losing it’s way, too big, maybe. Sorenson may need a gut check look around him and see if he is really effectually managing Marriott or is Marriott managing him? Can we FF trust Marriott?

    Sorenson has so far mismanaged this crisis we’re in Hilton among others have gotten out ahead of Marriott with refunds, assuring their FF’s with extensions etc. Makes one wonder if Hilton might be the chain the go to when traveling comes back. I know in consolidating my accounts during this down time, odd cc points I have transferred to Hilton rather than Marriott.

    I wonder how many people are taking this time to consolidate accounts and cc’s?

    Wash your hands Gary

  2. Just one more reason I’m glad I made the decision this year to move my loyalty from Marriott to Hilton this year. I downgraded my Marriot card, used up the last of my points at the beginning of the year, and I’m not going back.

    Sure Marriott may have a few more aspirational hotels, but they’ve devalued their points to comparable to Hilton, they’re customer service is atrocious, their response to the COVID is embarrassingly poor, and now this..again?

    It’s just one thing after another and it’s more than just “noise around the edges.” Sadly Marriott has become just like the airlines, too big to really give a crap about their customers.

  3. The link where one can request information if I was included takes me there but after I fill out my information and use captcha nothing happens…

  4. Until governments take serious action (not just fines which eventually get passed to the consumer), there is no reason for corporations to care since it is far cheaper to offer 12 months of credit monitoring than to constantly upgrade the security of its systems.

  5. Gary, have you used the link you provided? At the end all it does is say they will get back with me. Shouldn’t it be immediate as to acknowledge whether I’m included in the data breach?

  6. I’m looking forward to hear the site where you can ask if your info got compromised gets compromised.

  7. Gary, it’s odd that the email notification I received from Marriott about this breach was sent to an email address that is not in my Marriott profile. Has anybody received actual verbal verification from Marriott about this breach? I received an email notification from Marriott, but my partner did not. I wonder if the site referred to in the notification email is a phishing site as the notification I received from Marriott comes from (not Also, wouldn’t Marriott know who was affected? Why does it appear that they are asking for us to contact them to ask if we’re affected? Or, am I just too suspicious?

  8. “Just one more reason I’m glad I made the decision this year to move my loyalty from Marriott to Hilton this year. I downgraded my Marriot card, used up the last of my points at the beginning of the year, and I’m not going back.”

    As everyone should. Even before this latest breach Hilton made it clear that it was pro-guest and understood the horrors of the pandemic. Marriott’s corporate reaction was: “Whatever.”

    So we peons have reacted accordingly: “Whatever.” Other brands have our loyalty.

Leave a Reply

Your email address will not be published.