Marriott data breach: 500 million hacked who used W, Sheraton, more

A Marriott hotel in San
Francisco, California.
Justin
Sullivan/Getty Images

Marriott has announced a massive breach of data belonging to 500
million guests who stayed at hotel brands including W, Sheraton,
and Westin.

Marriott announced on Friday that it had “taken measures to
investigate and address a data security incident” that stemmed
from its Starwood guest authorization database.

The company said it believes that around 500 million people’s
information was accessed, including an unspecified number who had
their credit card details taken. It affects customers who made
bookings on or before September 10, 2018.

Marriott said that this credit card information was
encrypted, but that it is possible that the hackers also took the
information necessary to decrypt them.

For around 367 million of those affected, Marriott said, the
information taken includes some combination of their name,
mailing address, phone number, email address, passport number,
date of birth, gender, and other information around their
Starwood account.

The company determined on November 19 that there had been
unauthorized access to the database, which contained information
from guests who stayed in Starwood properties on or before
September 10 of this year.

“Marriott reported this incident to law enforcement and continues
to support their investigation.  The company has already
begun notifying regulatory authorities,” the company said.

Arne Sorenson, Marriott’s President and Chief Executive
Officer, said: “We deeply regret this incident happened.

“We fell short of what our guests deserve and what we
expect of ourselves.  We are doing everything we can to
support our guests, and using lessons learned to be better moving
forward.”