Marriott International (MAR 2.19%), the largest hotel operator in the world, said in a statement on Tuesday that one of its apps had been hacked and the information for as many as 5.2 million rewards members had been breached.

What happened

The company said it noticed in late February 2020 that a certain app that allows owned and franchised hotels to access customer preferences had unusually high usage from a franchised property in Russia. After revoking credentials of two employee logins that had been used to access the information and upon further investigation, Marriott said it appeared that the activity had been going on since the beginning of January 2020.

An open door and a hotel room.

Image source: Getty Images.

While Marriott says the information in the system did not include passwords, card numbers, or other sensitive information, it did include other data such as contact information, loyalty program details, some personal information, and airline affiliation rewards information. 

Three strikes

While a data breach isn't uncommon, even for companies as large as Marriott, this is the third time in the past 18 months that there has been some kind of system hack at the hotel chain. 

This past October, an attacker accessed the personal information of 1,500 employees, including social security numbers. And one year prior to that breach, there was an attack on Starwood hotel's reservation system. Starwood is owned by Marriott. In that instance, hackers gained access to over 300 million hotel guests' personal information, including passport and credit card numbers. A class action lawsuit has been initiated against Marriott for that breach.

Bad timing

This announcement comes as Marriott is dealing with a halt in the tourism industry in the wake of the COVID-19 pandemic. It recently furloughed thousands of workers as reservations are on hold.