Marriott Hotels International is revealing up to 500 million customers have had some of their data stolen in a breach of their Starwood guest reservation database.
The breach was discovered September 8th of this year, and further investigation revealed there had been unauthorized access since 2014.
For 327 million of these guests, data stolen includes some combination of the following information:
- Mailing Address
- Phone Number
- Email Address
- Passport Number
- Starwood Preferred Guest (SPG) account information
- Date of Birth
- Arrival & Departure information
- Reservation Date
- Communication Preferences
In some cases, encrypted payment information (payment card numbers, and payment card expiration dates) was stolen, but Marriott cannot confirm at this time if the hackers were able to decrypt that data.
The company says two components are needed to decrypt the payment data, and they can’t rule out the possibility both were taken.
For the remaining guests, information taken was limited to name, and occasionally email or mailing address.
Some of the brands included in the breach are Sheraton, Westin, and Four Points by Sheraton.
Marriott reported this incident to law enforcement and an investigation is continuing.
“We deeply regret this incident happened,” said Arne Sorenson, Marriott’s President and Chief Executive Officer. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
Marriott has launched a dedicated website and call centre to answer questions from concerned users.