Marriott reveals data breach of 500 million Starwood guests

Marriott says its guest reservation system has been hacked, potentially exposing the personal information of...

Posted: Nov 30, 2018 10:01 PM
Updated: Nov 30, 2018 10:02 PM

Marriott says its guest reservation system has been hacked, potentially exposing the personal information of approximately 500 million guests.

The hotel chain said Friday the hack affects its Starwood reservation database, a group of hotels it bought in 2016 that includes the St. Regis, Westin, Sheraton and W Hotels.

Companies

Hotel chains

Hotels and motels

Lodging

Marriott International Incorporated

Travel and tourism

Crime, law enforcement and corrections

Criminal offenses

Digital crime

Technology

Digital security

Marriott said hackers had gained "unauthorized access" to the Starwood reservation system since 2014, but the company only identified the issue last week.

"The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it," Marriott said in a statement.

For 327 million people, Marriott says the guests' exposed information includes their names, phone numbers, email addresses, passport numbers, date of birth and arrival and departure information. For millions others, their credit card numbers and card expiration dates were potentially compromised.

Marriott warns that it can't confirm if the hackers were able to decrypt the credit card numbers.

"We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward," said CEO Arne Sorenson.

The hotel chain said it has reported the hack to law enforcement.

Marriott said it will begin emailing guests affected by the breach and has created an informational website. There's also a call center that's been set up.

The company said it's giving guests a free membership to WebWatcher, a personal information monitoring service. It's also telling guests to monitor their loyalty accounts for suspicious activity, change their account passwords and check credit card statements for unauthorized activity.

Today's revelation marks one of the biggest corporate data beaches in history. It's second behind one involving Yahoo, which said in 2017 that 3 billion accounts encompassing several of its brands were compromised. AdultFriendFinder revealed in 2016 that 412 million accounts were hacked.

Because the hack involves customers in the European Union and the United Kingdom, the company might be in violation of the recently enacted General Data Protection Regulation.

Mark Thompson, the global lead for consulting company KPMG's Privacy Advisory Practice, told CNN Business that hefty GDPR penalties will potentially be slapped on the company.

"The size and scale of this thing is huge," he said, adding that it's going to take several months for regulators to investigate the breach. He said there's a trend for class action lawsuits in these cases.

In the United States, the New York Attorney General's office said it has opened an investigation into the data breach. The office told CNN Business that the company hasn't yet notified the AG about the data breach, which is required under state law.

The attorneys general of Maryland and Pennsylvania have also said that they are investigating.

Marriott's (MAR) stock is plunging on the news, falling more than 6% in trading. The combined company has 6,700 properties in more than 129 countries.

Indiana Coronavirus Cases

(Widget updates once daily at 8 p.m. ET)

Confirmed Cases: 31715

Reported Deaths: 1984
CountyConfirmedDeaths
Marion9189533
Lake3299167
Cass15826
Allen127766
St. Joseph117034
Hendricks112367
Hamilton109992
Johnson1082104
Elkhart100827
Madison58258
Porter48721
Bartholomew48033
Clark45838
LaPorte40821
Tippecanoe3733
Jackson3611
Howard35618
Delaware35434
Hancock31927
Shelby31421
Floyd31338
Boone28235
Morgan26124
Vanderburgh2482
Montgomery22717
White2268
Decatur22431
Clinton2151
Noble18520
Grant18520
Harrison18521
Dubois1822
Greene16723
Warrick16426
Dearborn16221
Monroe16010
Henry1597
Vigo1477
Lawrence14322
Miami1391
Putnam1337
Jennings1274
Orange12422
Scott1183
Ripley1126
Franklin1068
Carroll922
Kosciusko861
Daviess8216
Steuben792
Newton7410
Wabash722
Wayne695
Fayette654
Marshall641
LaGrange602
Jasper561
Washington521
Fulton471
Rush452
Jay430
Jefferson411
Randolph403
Pulaski390
Clay391
Whitley392
Brown331
Sullivan321
Starke313
Owen311
DeKalb291
Perry270
Huntington262
Benton250
Knox240
Crawford230
Wells230
Tipton221
Blackford201
Switzerland190
Fountain182
Parke170
Posey170
Spencer161
Gibson142
Ohio130
Adams121
Warren121
Vermillion90
Martin90
Union80
Pike60
Unassigned0152

Illinois Coronavirus Cases

(Widget updates once daily at 7 p.m. CT)

Confirmed Cases: 112017

Reported Deaths: 4885
CountyConfirmedDeaths
Cook730973324
Lake7723250
DuPage7207340
Kane5761152
Will5188258
Winnebago195351
McHenry142767
St. Clair99172
Kankakee79942
Kendall71419
Rock Island63622
Champaign5647
Madison53954
Boone39716
Sangamon33126
DeKalb3253
Randolph2593
Jackson22810
McLean21110
Ogle1922
Stephenson1902
Macon18819
Peoria1797
Clinton17716
Out of IL1641
Union1417
LaSalle14012
Whiteside13410
Iroquois1304
Coles1169
Warren1140
Unassigned1100
Jefferson10116
Knox940
Monroe9211
Grundy892
McDonough835
Lee771
Cass670
Henry670
Tazewell673
Williamson551
Marion500
Jasper457
Adams441
Macoupin411
Perry410
Pulaski400
Montgomery391
Vermilion391
Morgan341
Christian334
Livingston312
Douglas270
Jo Daviess270
Fayette202
Ford201
Jersey201
Washington180
Mason170
Menard170
Woodford172
Shelby161
Bureau151
Mercer150
Carroll132
Hancock130
Franklin120
Crawford110
Fulton110
Piatt110
Bond101
Brown100
Clark100
Cumberland100
Logan100
Moultrie100
Schuyler100
Wayne91
Alexander80
Henderson80
Johnson70
Massac70
Saline70
Effingham61
Greene50
Marshall50
De Witt40
Lawrence40
Richland30
Stark30
Clay20
Edwards20
Gallatin20
Hamilton20
Wabash20
White20
Calhoun10
Hardin10
Pike10
Pope10
Putnam10
Edgar00
Terre Haute
Clear
78° wxIcon
Hi: 87° Lo: 67°
Feels Like: 80°
Robinson
Scattered Clouds
76° wxIcon
Hi: 86° Lo: 66°
Feels Like: 76°
Indianapolis
Broken Clouds
76° wxIcon
Hi: 87° Lo: 67°
Feels Like: 76°
Rockville
Clear
71° wxIcon
Hi: 85° Lo: 66°
Feels Like: 71°
Casey
Few Clouds
77° wxIcon
Hi: 83° Lo: 66°
Feels Like: 79°
Brazil
Clear
78° wxIcon
Hi: 85° Lo: 66°
Feels Like: 80°
Marshall
Clear
78° wxIcon
Hi: 87° Lo: 66°
Feels Like: 80°
No Major Changes
WTHI Planner
WTHI Temps
WTHI Radar

WTHI Events