Technology
Marriott data breach affects 500 million Starwood customers
If you value your data privacy, Starwood Points might end up costing you more than they’ve saved.
Marriott International, Inc. disclosed a data breach of its Starwood guest reservation database on Friday. It estimates that the hack has affected 500 million customers, and acknowledged that the compromise had gone undetected for four years; hackers have had access to components of the database since 2014, and Marriott only became aware of any security issue in September 2018.
Yep, that means somebody had four years of unfettered access to a massive database of world travelers and their personal and potentially financial information. It’s one of the biggest breaches in history, behind Yahoo’s 2013 email hack, which affected 3 billion users.
Marriott is still determining exactly what information was accessed. The Starwood database manages customer reservations for multiple hotels including W Hotels, St. Regis, Sheraton Hotels & Resorts
It believes that 327 million of those guests had personal information taken, including — but not limited to! — this fun list:
Name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
What hospitality!
The database had more intense encryption for financial information. But Marriott says that it is not ruling out the possibility that hackers had access to credit card data as well.
“There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken.”
The breach for the remaining ~170 million affected customers “was limited to” names, as well as, “sometimes other data.”
Some legal experts wonder when companies will realize that collecting this amount of data on their customers is more of a liability than it is a business opportunity. Some companies make money selling data. However, when those databases are breached, it can result in hefty fines and a lot of public ill will; Yahoo recently had to pay the SEC $35 million for a 2014 breach affecting 500 million users. Does that magic number sound familiar, Marriott?
Marriott has set up a dedicated website and call center to answer questions about the breach. They are providing a year of WebWatcher to customers who used Starwood between 2014 and September 2018, a service that provides an alert if your data shows up in hacker marketplaces.
Marriott says it “deeply regrets” the incident. But that sentiment isn’t saving their customers’ privacy, now is it.
!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;
n.push=n;n.loaded=!0;n.version=’2.0′;n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,
document,’script’,’https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘1453039084979896’);
if (window._geo == ‘GB’) {
fbq(‘init’, ‘322220058389212’);
}
if (window.mashKit) {
mashKit.gdpr.trackerFactory(function() {
fbq(‘track’, “PageView”);
}).render();
}
-
Entertainment7 days ago
Summer Movie Preview: From ‘Alien’ and ‘Furiosa’ to ‘Deadpool and Wolverine’
-
Entertainment5 days ago
What’s on the far side of the moon? Not darkness.
-
Business6 days ago
Thoma Bravo to take UK cybersecurity company Darktrace private in $5B deal
-
Business6 days ago
How Rubrik’s IPO paid off big for Greylock VC Asheem Chandna
-
Business5 days ago
TikTok faces a ban in the US, Tesla profits drop and healthcare data leaks
-
Business4 days ago
London’s first defense tech hackathon brings Ukraine war closer to the city’s startups
-
Business7 days ago
Zomato’s quick commerce unit Blinkit eclipses core food business in value, says Goldman Sachs
-
Business6 days ago
Photo-sharing community EyeEm will license users’ photos to train AI if they don’t delete them