Marriott International announced on Friday that they suffered a security breach that could have affected the personal information of up to 500 million guests, according to NBC News.
Marriott, which is the world’s largest hotel chain, said that the company discovered the unauthorized access reached all the way back to 2014 and an “unauthorized party” had copied encrypted information from its Starwood database.
Marriott announces massive Starwood guest reservation database hack; says believes it contains info on up to approx. 500,000,000 guests, and the company “understands the importance of protecting personal information.” https://t.co/PQ0Ii1v6Db
— NBC News (@NBCNews) November 30, 2018
“The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property,” the company said in a statement, according to NBC.
For over 300 million guests, the obtained information could include a combination of “name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.”
Some guests’ credit card information could have also been affected, even if the data was encrypted. “Marriott said that it can’t rule out the possibility that it could have been decoded,” NBC reported.
Jake Williams, president and founder of cybersecurity firm Rendition Infosec, told NBC that Marriott’s statement “is very inarticulately worded.”
“I’m playing guesswork at what some of these statements mean,” he said.
The company first discovered the breach in September and later that the database had been accessed by an outside party since 2014.
The Hotel giant reported the breach in a filing with the Securities and Exchange Commission but said that it did not expect the breach to hurt its business.
“The Company does not believe this incident will impact its long-term financial health,” Marriott said.
Marriott said that it would begin reaching out to the affected customers via email on Friday.
“We are still investigating the situation so we don’t have a list of specific hotels. What we do know is that it only impacted Starwood brands,” Marriott spokesman Jeff Flaherty told Reuters.
Marriott has set up a website for people who think their information might have been involved in the breach. Guests will also be provided with one year of WebWatcher, a digital security service.
“We deeply regret this incident happened,” Marriott President and CEO Arne Sorenson said in a statement, according to NBC.
“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
CNBC reported that Marriott shares fell almost six percent to around $115 before the trading bell on Friday.
Marriott isn’t the first hotel chain to suffer this type of attack, both InterContinental Hotels and Hyatt Hotels were victims of cyber attacks last year.
Truth and Accuracy
We are committed to truth and accuracy in all of our journalism. Read our editorial standards.