Marriott data breach hits 500 million guests


New York, Nov 30 (IANS): Marriott International said on Friday that its guest reservation system has been hacked, potentially exposing the personal information of approximately 500 million guests.

The hotel chain said the hack affected its Starwood reservation database, a group of hotels it bought in 2016 that included the St. Regis, Westin, Sheraton, W Hotels, Le Méridien and Four Points by Sheraton, CNN reported.

For roughly two-thirds of the guests who were possibly affected, the information in the breach included names, addresses, phone numbers, email addresses, passport numbers and travel details.

Marriott said some records also included encrypted payment card information, but it could not rule out the possibility that the encryption keys had also been stolen.

"We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests and using lessons learned to be better moving forward," said Chief Executive Arne Sorenson in a news release.

Marriott said that it reported the breach to law enforcement and was also notifying regulatory authorities.

According to the hotel chain, its internal security tool alerted it of a potential breach to its US database in September. However, it wasn't until November 19 that Marriott was able to decrypt the information to find out what the contents of the breach were.

Marriott said an internal investigation found an attacker had been able to access the Starwood network since 2014 and it believed its database contained records of up to 500 million customers.

Marriott said it was notifying affected guests whose email addresses were in the Starwood database and was also setting up a call centre and a consumer website.

Following the news, Marriott's stock plunged, falling nearly 6 per cent in premarket trading.

  

Top Stories


Leave a Comment

Title: Marriott data breach hits 500 million guests



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.