Marriott Data Breach Involved 500 Million Starwood Guest Records



Marriott confirmed that its hotel guest database of about 500 million customers was stolen in a data breach.

Those who have concerns that their data may have been stolen may want to read the announcement that Marriott posted on their website. It includes a list of things Marriott is doing in response to the data breach.

Marriott says that on November 19, 2018, their investigation determined that there was unauthorized access to their guest reservation database, which contained guest information relating to reservations at Starwood properties on or before September 10, 2018. Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014.

Starwood brands include: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotel, and Starwood branded timeshare properties.

Marriott believes that the data breach contained information on up to approximately 500 million guests who made a reservation at a Starwood property.

For approximately 327 million of these guests, the information taken includes some combination of: name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.

TechCrunch reported that Marriott said an unknown number of records contained encrypted credit card data, but has “not been able to rule out” that the components needed to decrypt the data wasn’t also taken.

This is a mess! I wouldn’t be surprised if people avoided staying at Starwood brands, or Marriott brands, in the future. Once a company has a data breach of customer’s important information, it becomes extremely difficult to regain the trust of people whose information had been stolen. I also find it troubling that it took four years between when the data breach started and when Marriott found out about it.


Leave a Reply

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.