Hotel chain Marriott has confirmed a data breach that impacted approximately 5.2 million hotel guests. The leak has come to light at the end of February 2020, when the company has discovered that personal information of hotel guests may have been accessed using the login credentials of two employees at an unnamed franchise property.

Marriott said the hack dated back to mid-January.

“Upon discovery, the company confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests. Marriott also notified relevant authorities and is supporting their investigations,” the company said in a statement.

According to Marriott, the following information may have been involved in the breach:

• contact details (e.g., name, mailing address, email address, and phone number)

• loyalty account information (e.g., account number and points balance, but not passwords)

• additional personal details (e.g., company, gender, and birthday day and month)

• partnerships and affiliations (e.g., linked airline loyalty programs and numbers)

• preferences (e.g., stay/room preferences and language preference)

The company says currently it has no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.

This is the second data breach the hotel giant has suffered in the last two years. In November 2018, Marriott disclosed a security incident that impacted its Starwood Hotels guest reservation database. At the time the company said that hackers breached the Starwood Hotels reservation system and stole the personal info of more than 383 million hotel guests.