Marriott says 500 million Starwood accounts compromised

Marriott says its guest reservation system has been hacked, potentially exposing the personal information of approximately 500 million guests.

Posted: Nov 30, 2018 10:03 AM
Updated: Nov 30, 2018 12:18 PM


Marriott says its guest reservation system has been hacked, potentially exposing the personal information of approximately 500 million guests.

The hotel chain said Friday the hack affects its Starwood reservation database, a group of hotels it bought in 2016 that includes the St. Regis, Westin, Sheraton and W Hotels.

Marriott said hackers had gained "unauthorized access" to the Starwood reservation system since 2014, but the company only identified the issue last week.

"The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it," Marriott said in a statement.

For 327 million people, Marriott says the guests' exposed information includes their names, phone numbers, email addresses, passport numbers, date of birth and arrival and departure information. For millions others, their credit card numbers and card expiration dates were potentially compromised.

Marriott warns that it can't confirm if the hackers were able to decrypt the credit card numbers.

"We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward," said CEO Arne Sorenson.

The hotel chain said it has reported the hack to law enforcement.

Marriott said it will begin emailing guests affected by the breach and has created an informational website. There's also a call center that's been set up.

The company said it's giving guests a free membership to WebWatcher, a personal information monitoring service. It's also telling guests to monitor their loyalty accounts for suspicious activity, change their account passwords and check credit card statements for unauthorized activity.

Today's revelation marks one of the biggest corporate data beaches in history. It's second behind one involving Yahoo, which said in 2017 that 3 billion accounts encompassing several of its brands were compromised. AdultFriendFinder revealed in 2016 that 412 million accounts were hacked.

Because the hack involves customers in the European Union and the United Kingdom, the company might be in violation of the recently enacted General Data Protection Regulation.

Mark Thompson, the global lead for consulting company KPMG's Privacy Advisory Practice, told CNN Business that hefty GDPR penalties will "likely" be slapped on the company.

"The size and scale of this thing is huge," he said, adding that it's going to take several months for regulators to investigate the breach, but that he expects class action lawsuits to quickly materialize.

In the United States, the New York Attorney General's office said it has opened an investigation into the data breach. The office told CNN Business that the company hasn't yet notified the AG about the data breach, which is required under state law.

The attorneys general of Maryland and Pennsylvania have also said that they are investigating.

Marriott's (MAR) stock is plunging on the news, falling more than 5% in early trading. The combined company has 6,700 properties in more than 129 countries.

Lafayette
Cloudy
32° wxIcon
Hi: 33° Lo: 31°
Feels Like: 23°
Kokomo
Cloudy
31° wxIcon
Hi: 31° Lo: 30°
Feels Like: 21°
Rensselaer
Cloudy
30° wxIcon
Hi: 31° Lo: 29°
Feels Like: 23°
Lafayette
Cloudy
32° wxIcon
Hi: 31° Lo: 29°
Feels Like: 23°
Danville
Cloudy
31° wxIcon
Hi: 31° Lo: 30°
Feels Like: 21°
Frankfort
Cloudy
30° wxIcon
Hi: 31° Lo: 30°
Feels Like: 21°
Frankfort
Cloudy
30° wxIcon
Hi: 31° Lo: 30°
Feels Like: 21°
Monticello
Cloudy
30° wxIcon
Hi: 33° Lo: 31°
Feels Like: 23°
Monticello
Cloudy
30° wxIcon
Hi: 34° Lo: 31°
Feels Like: 23°
Logansport
Cloudy
30° wxIcon
Hi: 31° Lo: 30°
Feels Like: 21°
Snow showers......
WLFI Radar
WLFI Temps
WLFI Planner

Indiana Coronavirus Cases

Data is updated nightly.

Cases: 587049

Reported Deaths: 9287
CountyCasesDeaths
Marion810691296
Lake44121665
Allen31797541
Hamilton28178303
St. Joseph26684369
Elkhart24057340
Vanderburgh18519213
Tippecanoe17305121
Johnson14398284
Porter14342159
Hendricks13793241
Madison10509212
Vigo10432171
Clark10151129
Monroe9029108
Delaware8782129
LaPorte8721153
Kosciusko784677
Howard7834137
Warrick636790
Hancock633297
Bartholomew624294
Floyd6098105
Wayne5903156
Grant5799109
Dubois541670
Boone531467
Morgan512388
Marshall492484
Henry491164
Cass469060
Noble458757
Dearborn454544
Jackson413145
Shelby401178
Lawrence379475
Clinton363639
Gibson355056
DeKalb336363
Montgomery333851
Harrison326042
Knox325439
Miami308243
Steuben304940
Adams294435
Whitley292325
Wabash291645
Ripley290845
Putnam282447
Huntington281257
Jasper280733
White265738
Daviess260772
Jefferson248538
Fayette241348
Decatur241282
Greene232460
Posey230026
Wells228547
LaGrange223461
Clay216432
Scott216437
Randolph207540
Jennings191335
Sullivan188531
Spencer179917
Fountain178625
Washington175018
Starke170741
Jay162021
Fulton158829
Owen157837
Carroll151315
Orange150533
Rush148118
Perry145327
Vermillion144333
Franklin142533
Parke12788
Tipton127332
Pike113125
Blackford107022
Pulaski94637
Newton89020
Brown85530
Benton84110
Crawford7479
Martin69213
Warren6537
Switzerland6175
Union6063
Ohio4647
Unassigned0374

COVID-19 Important links and resources

As the spread of COVID-19, or as it's more commonly known as the coronavirus continues, this page will serve as your one-stop for the resources you need to stay informed and to keep you and your family safe. CLICK HERE

Closings related to the prevention of the COVID-19 can be found on our Closings page.

Community Events