Preface: Perhaps this is not the key factor causes data breach on Jan 2020. But the sound can tell.
Observation: It is believed that a new round of data breaches by Marriott this week has attracted attention. Maybe the hotel industry will run within 24 hours. Do maintenance or system upgrade is not easy. We only look at the homepage of Marriott’s “Member Credit Card Rewards”. Found a vulnerable “jquery” still in operation. From attacker point of view, such hints similar give him an indication that this web site may have more space for exploitation. As we know, jQuery(version 1.11.3) which has XSS vulnerability found on March, 2017. Why still valid in an enterprise web site. The root cause is hard to tell. May be it is a extend legacy web application. I think you will be concern the details of official announcement. See below url: