Marriott reveals data breach of 500 million Starwood guests

Marriott says its guest reservation system has been hacked, potentially exposing the personal information of...

Posted: Nov 30, 2018 10:01 PM
Updated: Nov 30, 2018 10:02 PM

Marriott says its guest reservation system has been hacked, potentially exposing the personal information of approximately 500 million guests.

The hotel chain said Friday the hack affects its Starwood reservation database, a group of hotels it bought in 2016 that includes the St. Regis, Westin, Sheraton and W Hotels.

Companies

Hotel chains

Hotels and motels

Lodging

Marriott International Incorporated

Travel and tourism

Crime, law enforcement and corrections

Criminal offenses

Digital crime

Technology

Digital security

Marriott said hackers had gained "unauthorized access" to the Starwood reservation system since 2014, but the company only identified the issue last week.

"The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it," Marriott said in a statement.

For 327 million people, Marriott says the guests' exposed information includes their names, phone numbers, email addresses, passport numbers, date of birth and arrival and departure information. For millions others, their credit card numbers and card expiration dates were potentially compromised.

Marriott warns that it can't confirm if the hackers were able to decrypt the credit card numbers.

"We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward," said CEO Arne Sorenson.

The hotel chain said it has reported the hack to law enforcement.

Marriott said it will begin emailing guests affected by the breach and has created an informational website. There's also a call center that's been set up.

The company said it's giving guests a free membership to WebWatcher, a personal information monitoring service. It's also telling guests to monitor their loyalty accounts for suspicious activity, change their account passwords and check credit card statements for unauthorized activity.

Today's revelation marks one of the biggest corporate data beaches in history. It's second behind one involving Yahoo, which said in 2017 that 3 billion accounts encompassing several of its brands were compromised. AdultFriendFinder revealed in 2016 that 412 million accounts were hacked.

Because the hack involves customers in the European Union and the United Kingdom, the company might be in violation of the recently enacted General Data Protection Regulation.

Mark Thompson, the global lead for consulting company KPMG's Privacy Advisory Practice, told CNN Business that hefty GDPR penalties will potentially be slapped on the company.

"The size and scale of this thing is huge," he said, adding that it's going to take several months for regulators to investigate the breach. He said there's a trend for class action lawsuits in these cases.

In the United States, the New York Attorney General's office said it has opened an investigation into the data breach. The office told CNN Business that the company hasn't yet notified the AG about the data breach, which is required under state law.

The attorneys general of Maryland and Pennsylvania have also said that they are investigating.

Marriott's (MAR) stock is plunging on the news, falling more than 6% in trading. The combined company has 6,700 properties in more than 129 countries.

West Lafayette
Clear
69° wxIcon
Hi: 82° Lo: 60°
Feels Like: 69°
Kokomo
Few Clouds
67° wxIcon
Hi: 80° Lo: 57°
Feels Like: 67°
Rensselaer
Broken Clouds
66° wxIcon
Hi: 78° Lo: 57°
Feels Like: 66°
Fowler
Broken Clouds
66° wxIcon
Hi: 80° Lo: 57°
Feels Like: 66°
Williamsport
Broken Clouds
71° wxIcon
Hi: 83° Lo: 58°
Feels Like: 71°
Crawfordsville
Broken Clouds
66° wxIcon
Hi: 81° Lo: 58°
Feels Like: 66°
Frankfort
Scattered Clouds
72° wxIcon
Hi: 81° Lo: 58°
Feels Like: 72°
Delphi
Overcast
67° wxIcon
Hi: 81° Lo: 57°
Feels Like: 67°
Monticello
Overcast
67° wxIcon
Hi: 79° Lo: 57°
Feels Like: 67°
Logansport
Overcast
66° wxIcon
Hi: 80° Lo: 57°
Feels Like: 66°
WLFI Radar
WLFI Temps
WLFI Planner

Indiana Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 51079

Reported Deaths: 2756
CountyConfirmedDeaths
Marion12019693
Lake5588248
Elkhart353959
Allen2939134
St. Joseph210669
Hamilton1691101
Cass16449
Hendricks1454100
Johnson1340118
Porter82638
Tippecanoe7709
Vanderburgh7276
Clark69544
Madison67464
LaPorte61628
Howard59858
Bartholomew59745
Kosciusko5754
Marshall5449
Noble51328
LaGrange4849
Boone48244
Jackson4783
Delaware47152
Hancock46736
Shelby45425
Floyd40644
Morgan34231
Monroe34028
Grant31826
Dubois3046
Henry30018
Montgomery29720
Clinton2903
White27410
Dearborn25823
Decatur25632
Lawrence25225
Vigo2528
Warrick25029
Harrison21722
Greene19432
Miami1932
Jennings17912
Putnam1738
DeKalb1694
Scott1649
Wayne1546
Daviess15017
Perry14710
Orange13723
Steuben1362
Jasper1352
Ripley1307
Franklin1278
Gibson1202
Wabash1162
Carroll1142
Fayette1067
Whitley1066
Starke1043
Newton10010
Huntington942
Jefferson862
Wells821
Randolph794
Fulton731
Knox710
Jay700
Washington681
Pulaski661
Clay645
Rush613
Posey570
Spencer541
Owen521
Benton510
Sullivan501
Adams491
Brown431
Blackford402
Fountain352
Crawford330
Switzerland320
Tipton321
Parke270
Martin260
Ohio230
Vermillion200
Warren151
Union140
Pike110
Unassigned0193

COVID-19 Important links and resources

As the spread of COVID-19, or as it's more commonly known as the coronavirus continues, this page will serve as your one-stop for the resources you need to stay informed and to keep you and your family safe. CLICK HERE

Closings related to the prevention of the COVID-19 can be found on our Closings page.

Community Events