Up to 500 million guests have had their details stolen after Marriott’s booking database was compromised. Shockingly, unauthorised access to the company’s booking system has been taking place since 2014. The hack affects bookings made at all Starwood properties, including:
- W Hotels;
- St. Regis;
- Sheraton Hotels & Resorts;
- Westin Hotels & Resorts;
- Element Hotels;
- Aloft Hotels;
- The Luxury Collection;
- Tribute Portfolio;
- Le Méridien Hotels & Resorts;
- Four Points by Sheraton;
- and Design Hotels.
Marriott was reportedly made aware of the unauthorised access on September 8th but did not know the scale of the breach until November 19th. The news comes after British Airways and Cathay Pacific suffered huge data breaches earlier in the year. The unauthorised party has reportedly copied and encrypted sensitive information. The hotel chain estimates that 327 million guests have had very sensitive details such as date of birth and passport number stolen. The remaining guests have only had their names and addresses stolen.
A smaller proportion may have had their credit card details stolen too. Marriott has said that it uses two-component Advanced Encryption Standard encryption (AES-128) to encrypt the details, but it cannot rule out that the two parts necessary to unlock the encryption were also stolen.
Marriott International Statement
Marriott’s CEO, Arne Sorenson, today released a statement regarding the breach:
“We deeply regret this incident happened. We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward. Today, Marriott is reaffirming our commitment to our guests around the world. We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call center. We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”
Am I Affected?
Most likely, if you have made a booking with one of the affected hotels, or maybe even just registered your details with one. You will receive an email from “no-reply[at]starwoodhotels.com” if you have been affected, so keep an eye on your inbox if you are worried. Marriott has set up a dedicated website and call centre for those who have or may have been involved.
Additionally, Marriott is offering guests who have been affected a year’s subscription to the service “WebWatcher”. According to Marriott, “WebWatcher monitors internet sites where personal information is shared and generates an alert to the consumer if evidence of the consumer’s personal information is found.”