Marriott data breach hits 500 million Starwood hotel guests

Marriott revealed a major data breach on Friday.


Marriott discovered a data breach that could’ve impacted up to 500 million guests, it said Friday.

The hotel group revealed that hackers compromised the guest reservation database of its Starwood division, whose brands include Sheraton, W Hotels, Westin, Le Meridien, Four Points by Sheraton, Aloft and St. Regis, up to Sept. 10.

Its Marriott-branded hotels use a separate reservation system on a different network, the BBC reported.

An internal investigation found that the network was first breached in 2014, and that “an unauthorized party had copied and encrypted information.” For around 327 million of those impacted, that data included names, addresses, phone numbers, emails, passport numbers and travel details.



Data breaches have become an all too common problem for businesses and consumers alike, with no sign of slowing down. Last month, for instance, Hong Kong airline Cathay Pacific announced it suffered a data breach that impacted 9.4 million people. In September, Facebook revealed a breach that put the data of 50 million users at risk. And the ripple effects of older incidents continue to be felt: Just a month ago, Yahoo said it will have to pay $50 million in damages as part of a settlement following massive data breaches in 2013 and 2014.

Lawmakers have taken notice, and they’re looking for ways to press companies to accept more responsibility. In Congress, Sen. Ron Wyden has introduced a proposed Consumer Data Protection Act, which, among other things, would threaten CEOs with possible jail time if they’re found to have lied about their data protection efforts.

In the UK, the Information Commissioner’s Office said that Marriott had informed it of the breach and that it’s making inquiries into the matter. The watchdog agency also addressed the victims of the breach.

“We advise people who may have been affected to be vigilant and to follow advice from the ICO and National Cyber Security Centre websites about how they can protect themselves and their data online,” an ICO spokesman said in an emailed statement.

Meanwhile, New York’s attorney general said in a tweet that her office has opened an investigation.

Marriott noted that some of the stolen information also included payment card numbers and expiration dates. Even though this data is normally encrypted, the company said the encryption key data might’ve been stolen too.

An internal security tool alerted Marriott to a potential breach on Sept. 8, but it only determined the content of the stolen data on Nov. 19.

The company will start notifying affected guests via email from Friday, and it has set up an information website and call center. It’s also offering guests in the US and some other countries a year’s subscription to WebWatcher, a fraud detection service.

“We fell short of what our guests deserve and what we expect of ourselves,” said Arne Sorenson, Marriott’s president and CEO, in a release. “We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

Starwood was previously impacted by a malware attack in 2016, the same year Marriott bought it for $13 billion. The following year, more than 1,200 properties run by the InterContinental Hotels Group fell victim to a three-month malware attack targeting payment card data.

First published at 5:11 a.m. PT.
Updated at 6:31 a.m. PT: Added more details about the Marriott breach.
Updated at 6:58 a.m. PT: Added New York AG’s statement and background about recent data breaches.
