Marriott Hotels Hack Exposes Data of 500 Million Guests

Marriott announced today that malicious actors have stolen the records of as many as 500 million guests from the Starwood Hotels’ reservation system, including some credit card information. Marriott acquired the Starwood Hotels chain in 2016.

On November 19, 2018, Marriott’s investigation determined that malicious parties had had unauthorized access to Starwood’s internal network since 2014. The attackers were able to collect private data on up to 500 million guests from all of Starwood’s hotel brands, including W Hotels, Sheraton, Le Méridien and Four Points by Sheraton.

Marriott said that for about 327 million of these guests, the exposed information includes the mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date and communication preferences.

Payment Information Also Stolen

Some guests also had their payment card numbers and payment card expiration dates stolen. Marriott claimed that this information was encrypted using the symmetric encryption algorithm AES. However, the company noted it doesn’t know whether or not the attackers also gained access to the components required to decrypt that information.

Arne Sorenson, Marriott’s President and CEO, said the company has set up a call center and a dedicated website to address any questions the victims of the data breach may have.

Sorenson added that Starwood’s systems will be phased out and replaced by a new system with enhanced security that will presumably fare better against this kind of unauthorized access in the future.

Comment from the forums
  • kyzarvs
    500 million bookings maybe - I don't believe that 500 million people have stayed in a Marriott in the last few years ;o)