Marriott data breach hits 500 million guests
November 30, 2018
A hack attack on the Marriott hotel chain affected around half a billion customers, the firm said on Friday, after confirming a massive breach in the Starwood reservation database.
In some cases, hackers may have obtained guests' credit card numbers and the cards' expiration dates. Although the credit card data would be encrypted, Marriott said they could not rule out that the hackers might prove able to decode it.
"We deeply regret this incident happened," said Marriott's CEO, Arne Sorenson. "We fell short of what our guests deserve and what we expect of ourselves."
The attackers also gained access to data fragments including names, addresses, email accounts, passport numbers and phone numbers for around 327 million people.
New York Attorney General Barbara Underwood said she had opened an investigation into the breach.
"New Yorkers deserve to know that their personal information will be protected," she wrote on Twitter.
Read more: No lack of corporate data breaches this decade
Hackers 'copied and encrypted information'
The company was first alerted of an attempt to hack their US database in September. The management launched a probe and discovered "that an unauthorized party had copied and encrypted information, and took steps towards removing it."
Marriott and Starwood merged two years ago. Starwood operates hotels under the names W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Meridien Hotels & Resorts, Four Points by Sheraton and Design Hotels.
Read more: Germany detects new
Marriott International is the biggest hotel chain in the world.
The company said it had set up a website and a call center for its customers and would begin sending emails to affected guests on Friday. The firm also said it had found traces of unauthorized access to Starwood's network going back to 2014.
Place in history
The Marriott hacking is among the biggest ever reported, but remains overshadowed by the 2013 hacking of Yahoo, when the attackers gained access to data on all of Yahoo's 3 billion customers.
dj/msh (AP, AFP, dpa)