Marriott International has announced that up to 500 million customers may have had their personal information compromised as part of a massive breach of the Starwood guest reservation database. The breach, which already yields the potential to be one of the largest in consumer data ever, was brought to the attention of Marriott officials in September 2018 by an internal security tool. An investigation into the matter revealed that an unauthorized party had copied and encrypted information as early as 2014. The information was traced to its Starwood database on November 19th, according to Marriott.
“We deeply regret this incident happened. We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward,” says Marriott president and CEO Arne Sorenson.
The company has since reported the breach to law enforcement at the Securities and Exchange Commission. A website has also been developed for customers concerned that their private information may be among those compromised. Roughly 327 million of the guests impacted are believed to have some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account, birthday, gender, arrival and departure information, reservation dates, and communication preferences hacked in this incident.
“Today, Marriott is reaffirming our commitment to our guests around the world. We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call center,” Sorenson adds. “We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”
