Marriott International announced today (March 31) a data breach affecting approximately 5.2 million former hotel guests.

The potentially stolen data included guests' names, addresses, e-mail addresses, and phone numbers, as well as details of their Marriott Bomboy accounts and rooms.

However, according to the web page Marriott posted about the incident, it did not include "payment card information, passport information, national ID, or driver's license numbers" or "passwords or PINs for Marriott Bomboy accounts."

This somewhat limits the potential damage from data theft, but spammers and robocallers may enjoy using contact information.

In some instances, the "birthday" and "month" of the guest was included, but in order for identity thieves to count it, they would probably need to know the birth year of the targeted individual as well.

Marriott owns approximately 30 hotel and hospitality brands, including Sheraton, W, Westin, Ritz-Carlton, Le Meridien, Renaissance, Fairfield Inn, as well as a half dozen Marriott brands. The full list is at the end of this article.

Affected guests should have already received an email from Marriott (specifically from the address [email protected]) regarding this matter. If in doubt, there is a "self-service portal" where you can check to see if you are affected.

You can also call toll-free to +1-800-598-9655 in the US and Canada, 08003457018 in the UK, 1800280257 in Australia, 0805540130 in France, and 08006644414 in Germany. In other areas, international calls must be made to +1-402-952-5356.

The email should contain a code to enroll in Experian IdentityWorks identity theft protection for free for one year. If you want to subscribe to better protection, you can look through our review of the best identity theft protection services, but it can't hurt.

Marriott has not indicated how old the compromised data may be, so we cannot yet say when affected guests may have stayed at Marriott-managed properties.

The company said the breach began in mid-January after someone exploited the login credentials of two employees at a "franchised property," i.e., a Marriott-branded hotel not directly owned by Marriott International.

The intrusion was discovered at the end of February, which means the intruders had been prowling Marriott's systems for six weeks.

In late 2018, Marriott reported a larger and even more serious data breach involving the records of nearly 500 million people who stayed at the former Starwood hotel brand.

The breach began in 2014, two years before Marriott International acquired Starwood hotels, and included guests' passport and credit card numbers.

Since none of the stolen information has been identified in the criminal market, some cybercrime experts now believe that the breaches between 2014 and 2018 were carried out by hackers aided by the Chinese state who were looking for information on the movements of Western politicians, business executives, diplomats, and spies. They believe that.

Marriott International owns and/or manages "30 brands and more than 7,000 properties across 131 countries and territories," according to its website.

Its hotel brands include Ritz-Carlton, St. Regis, W, Sheraton; Regis, W, Sheraton, Edition, Delta, Rennaissance, Gaylord, Luxury Collection, Le Meridien, Westin, Four Points, SpringHill Suites, Protea, Fairfield Inn and Suites, AC, Aloft, Moxy, Residence Inn, Element, TownePlace Suites, Autograph Collection, Design Hotels, Tribute Portfolio, as well as Homes & Villas by Marriott International, Marriott Executive Apartments, Courtyard by Marriott, Marriott Vacation Club, Marriott Hotels, and JW Marriott.