Call Us

Marriott Data Breach for 5.2 Million Guests

Posted on behalf of Arnold Law Firm on April 3, 2020 in Data Breach
Updated on November 4, 2025

data-breach-orange-fontNOTICE: If you have been a guest of a Marriott International, Inc. hotel property and have received an INCIDENT NOTIFICATION email, contact the Arnold Law Firm at (916) 777-7777.

On March 31, 2020, Marriott International, Inc. disclosed its second major data security lapse in less than two years. In 2018, the hotel chain discovered its first massive unauthorized data event, which exposed the confidential information of an estimated 300-500 million guests for about four years. The breach remains one of the largest in history.

Marriott’s latest data security incident involves a guest services application used by hotels operated and franchised under its various brands. The information of 5.2 million guests was accessed using the login credentials of two employees at a franchise property.

The unauthorized activity is thought to have started in mid-January 2020, continuing through the end of February 2020 when the company identified that an unexpected amount of guest information may have been accessed.

The data breach is still being investigated, but Marriott currently claims that the information involved does not include sensitive data, such as credit card or passport numbers. Compromised information may involve:

  • Full names of guests
  • Contact details, including postal and email addresses and phone numbers
  • Information relating to customer loyalty accounts
  • Personal details such as employers, gender and birth dates
  • Partnerships and affiliations, such as details of linked airline loyalty programs
  • Guest preferences, such as room preferences and languages

On March 31, 2020, the company notified affected guests of the incident by email, offering a year of free data monitoring services. Marriott has also set up an online portal for guests to check whether their personal information was breached. Customers are warned to be alert to the potential for phishing attempts to be made against them in the coming weeks. Marriott Bonvoy account holders are advised to change account passwords and to monitor their accounts for suspicious activity.

Marriott International, Inc. is based in Bethesda, Maryland, USA, and encompasses more than 6,900 properties in 30 leading hotel brands, spanning 130 countries and territories. Marriott operates and franchises hotels and licenses vacation ownership resorts around the world.

How Do I Join the Class? 

If you received a NOTICE OF DATA BREACH, you will be included automatically in the class unless you opt out and no further action will be required by you. Class members have a passive role throughout class action litigation. If the lawsuit is successful, all class members receive equal compensation, regardless of the amount of harm they suffered.

Have questions? Call us today at (916) 777-7777.