The following comment was made by Ed Mierzwinski, Senior Director of Federal Consumer Services at US PIRG: “What Marriott is calling a “property system incident” makes an excellent lure for spear phishers who want to use personal data to threaten workers at other companies or government agencies. Marriott guests should be careful, based on a vast volume of personally identifiable information-including birth dates, numbers of loyalty points, mobile phone accounts, and email addresses-that Marriott acknowledges that they may have received in the heist of emails, phone calls, and email addresses. The organization claims that Upto 5.2 million visitors’ information may have breached. The following information could have been used, but not all this information was available for all active guests:
contact details (e.g., name, mailing address, email address, and phone number) loyalty account information (e.g., account number and points balance, but not passwords) additional personal details (e.g., company, gender, and birthday day and month) partnerships and affiliations (e.g., linked airline loyalty programs and numbers) preferences (e.g., stay/room preferences and language preference)