DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Marriott notifies associates of breach at unnamed vendor

Posted on November 2, 2019 by Dissent

In a year that has seen a number of reports that suggest how costly a past data breach may be for Marriott in Canada as well as the U.K. and U.S., Marriott is disclosing yet another breach.

On October 30, Marriott International notified the California Attorney General’s Office of a breach at an unnamed vendor that impacted some of its associates.  Their notification described the incident this way:

Marriott learned on September 4, 2019, that an unknown person gained access to information about certain Marriott associates by accessing the network of an outside vendor formerly used by Marriott. Once we became aware, Marriott immediately confirmed that the vendor was taking appropriate to steps to investigate the incident. The vendor reported that it was working with a forensic firm and had notified law enforcement. This vendor served as Marriott’s agent for receiving service of official documents, such as subpoenas and court orders. A document containing your information was sent to this vendor, and it was accessed during the incident. This incident did not impact the security of Marriott’s internal HR systems or platforms.

What Information Was Involved
The information in the document received by this vendor that contains your information includes your name, address, and Social Security number.

The date of the breach at the vendor’s was not disclosed.

Marriott is offering those notified one year of complimentary protection services with Experian’s® IdentityWorksSM Credit 3B program.

In an Appendix to their submission, Marriott disclosed that the documents that were accessed included documents relating to 1,552 California residents. The total number of individuals impacted was not disclosed.  Marriott also noted it “has already
terminated its relationship with the vendor,” and the vendor has confirmed that it
securely removed all information regarding Marriott associates from its network.

DataBreaches.net sent an email inquiry to Marriott seeking clarification as to whether the vendor was a former vendor at the time of the breach or only became a former vendor because of the breach. This site also inquired as to the total number of associates, nationwide, that were impacted. Other details were also requested. This post will be updated if a response is received.

Update:  On Nov 4., this site received a response from Jeff Flaherty, Global Communications & Public Affairs for Marriott. They did not answer any of this site’s questions:

Although we understand your interest, Marriott’s notification that you saw on the California Attorney General’s website contains the information that Marriott is providing. Marriott is notifying all associates involved. If you do choose to use any of the information provided, please attribute to a Marriott spokesperson. Thank you.

 

Related posts:

  • EXCLUSIVE: Marriott hacked again? Yes. Here’s what we know.
  • Hungarian Citizen Pleads Guilty to Hacking into Marriott Computers and Attempting to Extort Employment from the Company
  • Marriott says data breach compromised info of up to 500 million guests
  • FTC Takes Action Against Marriott and Starwood Over Multiple Data Breaches
Category: Breach IncidentsBusiness SectorSubcontractor

Post navigation

← Brooklyn Hospital Center notifies patients after data could be not be recovered after malware attack
Ca: Digital pirates search for prey in Southwestern Ontario →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.