Official reports claimed that the incident compromised information of around 500 million Starwood customers. However, this is merely the most recent in a string of data breaches happening at alarming rates. Still, after the incident when hackers breached 3 billion Yahoo accounts, the Marriott breach is the largest breaches of customer data in history.
Marriott President and CEO Arne Sorenson said in a statement:
“We deeply regret this incident happened. We fell short of what our guests deserve and what we expect of ourselves and are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
The Breach
Marriott is the world’s biggest chain of hotels. However, its vast network is part of the reason why the breach ended up being so extensive. Marriott first received an alert about a potential data breach in September 2018. This alert came from an internal security tool and was about an unauthorized attempt to access the database. After they launched an official investigation, Marriott discovered that the breach had been ongoing since 2014. As a result, an unauthorized party had gained and encrypted information spanning over four years. On November 19, Marriott finally confirmed that the leak was happening from its Starwood database.
Marriott said in a statement:
“The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property.”
The company added that for about 327 million of the guests the information includes some combination of the following: a name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. Marriott has confirmed that the data breach has also compromised credit card information of some customers. Although the information is encrypted, officials claim that they cannot rule out the possibility of hackers decoding it.
Efforts to Alleviate
The company claims that it is doing everything in its capacity to remove the data from the breached venues. However, they have not disclosed the details of the process. They have also not made public how much data they have removed.
Officials repeat the fact that leaked personal information can make its way to the black market. Once at the market, people can sell and buy the data for any of several ulterior motives. These include identity theft and targeted email phishing schemes.
The company has set up a website for any consumers who worry that their information may have been part of the breach and will be notifying customers by email. Marriott will also provide guests with one year of WebWatcher, a digital security service.
Stay tuned for more updates!
