Data breach at Marriott sees hackers access info of 500M guests

Many had their passport numbers compromised.
Publish date:

If you've recently stayed at a Marriott Starwood hotel, you're going to want to pay attention.

That's because Marriott confirmed on Friday that it has been the victim of a data breach involving its Starwood reservation system, which has compromised the information of some 500 million guests.

Marriott bought the Starwood group of hotels in 2016, and it includes the brand names St. Regis, Westin, Sheraton and W Hotels, of which there are multiple locations in Minnesota.

Marriott says that there had been unauthorized access to the Starwood network since 2014, and it impacted reservations made up until September 10, 2018.

For around 327 million of the guests affected, the information taken includes a combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, and reservation information.

Some of the impacted guests also had their payment card numbers and expiration dates taken. Marriott says that two decryption codes are needed to access the card numbers, and says it's not been able to rule out the possibility that both have been taken.

Subscribe: Sign up to our daily newsletters

For the other 173 million or so guests, the information taken was limited to name and sometimes other details such as mailing address or email address.

Marriott has created an information website for anyone affected, and will begin the process of contacting those compromised in the breach.

“We deeply regret this incident happened,” said Arne Sorenson, Marriott’s President and Chief Executive Officer. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

Next Up