Associates of Marriott International have been notified of an incident that has resulted in their Social Security numbers (SSNs) being exposed.
On September 4, Marriott had discovered that an unknown person had gained access to sensitive information by accessing the network of an outside vendor formerly utilised by Marriott.
After becoming aware of the incident, the vendor had confirmed that it was taking the appropriate steps to investigate the incident, and that it was working with a forensic firm. In addition, law enforcement has also been notified.
In a letter to the impacted individuals by Peggy Hassinger, Vice President, Associate Relations, it reads:
“This vendor served as Marriott’s agent for receiving service of official documents, such as subpoenas and court orders. A document containing your information was sent to this vendor, and it was accessed during the incident.”
The sensitive information exposed by the vendor includes names, addresses, and Social Security numbers.
At least 1,552 individuals have been impacted – to which Marriott is providing them with access to resources to monitor for misuse of their information.
Additionally, the individuals will receive a complimentary one-year membership in Experian’s IdentityWorks Credit 3B.
“We have been in frequent contact with the vendor since we learned what occurred to ensure appropriate action is being taken in response.”
Marriott has terminated its relationship with the vendor. The vendor has also confirmed that it has securely removed all information regarding the associates from its network.
In comparison to the data breach disclosed last year where the personal details of 383 million guests were accessed, this seems minor.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/