Marriott International Inc announced in late March 2020 that there was a breach in its computer system, giving hackers access to 5.2 million hotel guests’ financial information. This is the second such breach in two years, following a November 2018 incident where information on 400 million customers in its guest reservation database was exposed.
What the hackers got
The hackers accessed an “unexpected amount of information” between mid-January and February of 2020 using the log-in information of two employees. While the 2018 incident revealed passport numbers and credit card information, this was not the case in 2020.
The recent information exposed included:
- Birth dates
- Mailing addresses
- Loyalty information (such as frequent flyer miles balances with airlines)
Marriott takes a hit
The hotel chain alerted those affected by this hack. It also launched a call center and website to provide information and support to the customers. While it claims that the damage was minimal and will not be expensive to resolve, it is not good optics for a company that previously had a massive data breach. The timing of the incident, coming as the economy enters a downturn due to COVID-19 and travel evaporates, is also a real problem. The chain has already furloughed thousands of employees and temporarily closed hotels, and its shares are down as part of a broader downturn.
Another cautionary tale
Security gaps can irreparably damage a business’s reputation, its ability to function and its bottom line. The recent hack involved access using two employees’ information, which is a prime example of why it is essential to train and retrain employees about cybersecurity protocols. Some believe cybersecurity is a tech issue, but business law professionals can often help companies update their manuals and training as well as address criminal behavior by employees or those outside the company.