Marriott information breach hits 500 million Starwood hotel visitors

Marriott International logo seen displayed on smart phone.

Revealed: The Secrets our Clients Used to Earn $3 Billion

Marriott exposed a significant information breach on Friday.


Travelers, beware: Marriott has actually found a information breach that might affect as much as 500 million visitors.

The hotel group exposed Friday that hackers had actually jeopardized the visitor booking database of its Starwood department, whose brand names consist of Sheraton, W Hotels, Westin, Le Meridien, Four Points by Sheraton, Aloft andSt Regis. The issue impacts individuals who had bookings at those residential or commercial properties up tillSept 10 of this year.

Its Marriott- branded hotels utilize a different booking system on a various network.

An internal examination discovered that the network was very first breached in 2014 which “an unauthorized party had copied and encrypted information.” For around 327 countless those impacted, that information consisted of names, addresses, contact number, e-mails, passport numbers and take a trip information.

Data breaches have actually ended up being an all too typical issue for organizations and customers alike, without any indication of decreasing. Last month, for example, Hong Kong airline company Cathay Pacific revealed it suffered an information breach that affected 9.4 million individuals. In September, Facebook exposed a breach that put the information of 50 million users at threat. And the causal sequences of older occurrences continues to be felt: Just a month back, Yahoo stated it will need to pay $50 million in damages as part of a settlement following enormous information breaches in 2013 and2014

< div class ="shortcode video v2" data-video-playlist="[{" id="" we="" know="" and="" you="" should="" do="" about="" the="" marriott="" hack="" many="" as="" million="" guests="" may="" have="" been="" affected.="" news="" video="">

Now playing:
Watch this:

What we know — and you should do — about the Marriott…


Lawmakers have taken notice, and they’re looking for ways to press companies to accept more responsibility. In Congress, Sen. Ron Wyden has introduced a proposed Consumer Data Protection Act, which, among other things, would threaten CEOs with possible jail time if they’re found to have lied about their data protection efforts.

In the UK, the Information Commissioner’s Office said that Marriott had informed it of the breach and that it’s making inquiries into the matter. The watchdog agency also addressed the victims of the breach.

“We advise people who may have been affected to be vigilant and to follow advice from the ICO and National Cyber Security Centre websites about how they can protect themselves and their data online,” an ICO spokesman said in an emailed statement.

Meanwhile, New York’s attorney general said in a tweet that her office has opened an investigation.

Marriott noted that some of the stolen information also included payment card numbers and expiration dates. Even though this data is normally encrypted, the company said the encryption key data might’ve been stolen too.

An internal security tool alerted Marriott to a potential breach on Sept. 8, but the company only determined the content of the stolen data on Nov. 19.

Marriott will start notifying affected guests via email from Friday, and it has set up an information website and call center. It’s also offering guests in the US and some other countries a year’s subscription to WebWatcher, a fraud detection service.

“We fell short of what our guests deserve and what we expect of ourselves,” said Arne Sorenson, Marriott’s president and CEO, in a release. “We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

Starwood was previously impacted by a malware attack in 2016, the same year Marriott bought it for $13 billion. The following year, more than 1,200 properties run by the InterContinental Hotels Group fell victim to a three-month malware attack targeting payment card data.

First published at 5:11 a.m. PT.
Updated at 6:31 a.m. PT: Added more details about the Marriott breach.
Updated at 6:58 a.m. PT: Added New York AG’s statement and background about recent data breaches.

Firefox warning: It’ll let you know if the website you’re visiting suffered a data breach.

Facebook breach: A vulnerability put the data of 50 million users at risk

This site uses Akismet to reduce spam. Learn how your comment data is processed.