Marriott data breach: Up to 500 million guests affected
Marriott International said on Friday that hackers had stolen the personal data of up to 500 million guests from its reservation system in an attack that started four years ago.
A sign marks the location of a Marriott hotel on Friday, November 30, 2018 in Chicago, Illinois. [Photo: VCG]
The world's largest hotel chain said hackers have been attacking its Starwood Hotels reservation database since 2014, and that it only identified the issue last week after a two-month investigation.
For 327 million guests, the stolen data include names, email addresses, phone numbers, and passport numbers. For millions of others, it could include payment card numbers – and Marriott warned that it has not confirmed whether or not they were decrypted by the hackers.
"We deeply regret this incident happened," said Arne Sorenson, Marriott's president and chief executive officer. "We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward."
The New York Attorney General Barbara Underwood later announced an investigation into Marriott's data breach, saying in a tweet that "New Yorkers deserve to know that their personal information will be protected."
Marriott's data breach is one of the largest in history, second only to the 2013 Yahoo breach that affected three billion users.
The breach could also put Marriott in violation of new European privacy laws, as the guests affected included European travelers.
Marriott bought Starwood in 2016. Starwood operated a group of hotels including the W Hotels, St. Regis, Sheraton, and Westin chains.