Marriott hack affects 500 million
Marriott hack affects 500 million Starwood guests | Starwood data breach could have begun in 2014. The records of 500 million customers of the hotel group Marriott International have been involved in a data breach. Marriott, now the largest hotel chain in the world, said Starwood's guest reservation database was compromised by unauthorised party. An internal investigation revealed that a hacker had been able to access the Starwood network since 2014. Marriott International acquired Starwood in 2016. Starwood hotel brands include Sheraton, Le Méridien, W Hotels, and Four Points by Sheraton. Marriott-branded hotels use a separate reservation system on a different network.
The Marriott hack was revealed when an internal security tool alerted staff of an attempt to access the Starwood database. It was discovered that an "unauthorised party had copied and encrypted information".
Guest records compromised in Starwood data breach
It is believed that up to 500 million customer records were stored in the database. At the time of the Marriott hack, Approximately 327 million of those records included "some combination" of:
date of birth
arrival and departure information
The company confirmed that some records included encrypted payment card details. However, the possibility that the encryption keys had also been stolen could not be ruled out.
Commenting on the Starwood data breach, a spokesperson for the group said:
We deeply regret this incident happened," the company said in a statement. Marriott reported this incident to law enforcement and continues to support their investigation. The company has already begun notifying regulatory authorities.
The hotel group has set up a website to provide more information to affected customers. It is also offering customers in the US and some other countries a 12-month subscription to a fraud-detecting service.
The Information Commissioner's Office said in a statement:
We have received a data breach report from Marriott involving its Starwood Hotels and will be making enquiries. If anyone has concerns about how their data has been handled they can report these concerns to us.