Marriott hack hits 500 million guests

[nir]

The records of 500 million customers of the hotel group Marriott International have been involved in a data breach.

The hotel chain said the guest reservation database of its Starwood division had been compromised by an unauthorised party.

 

It said an internal investigation found an attacker had been able to access to the Starwood network since 2014.

 

The company said it would notify customers whose records were in the database.

 

Starwood's hotel brands include W Hotels, Sheraton, Le Méridien and Four Points by Sheraton. Marriott-branded hotels use a separate reservation system on a different network.

 

Marriott said it was alerted by an internal security tool that somebody was attempting to access the Starwood database. After investigating, it discovered that an "unauthorised party had copied and encrypted information".

 

It said it believed its database contained records of up to 500 million customers.

 

For about 327 million guests, the information included "some combination" of name, mailing address, phone number, email address, passport number, account information, date of birth, gender, and arrival and departure information.

 

It said some records also included encrypted payment card information, but it could not rule out the possibility that the encryption keys had also been stolen.

 

"We deeply regret this incident happened," the company said in a statement.

 

"Marriott reported this incident to law enforcement and continues to support their investigation. The company has already begun notifying regulatory authorities."

 

The company has set up a website to give affected customers more information. It will also offer customers in the US and some other countries a year-long subscription to a fraud-detecting service.

 

In a statement, the UK's Information Commissioner's Office said: "We have received a data breach report from Marriott involving its Starwood Hotels and will be making enquiries. If anyone has concerns about how their data has been handled they can report these concerns to us."

 

Source

[nir]

Marriott Hacking Exposes Data of Up to 500 Million Guests

 

Marriott International acknowledged on Friday that an “unauthorized party had copied and encrypted information” about 500 million customers on one of its reservations systems in September.CreditCreditMauritz Antin/EPA, via Shutterstock

The Marriott International hotel chain said on Friday that the database of its Starwood reservation system had been hacked and that the personal details of up to 500 million guests going as far back as 2014 has been compromised.

The hotel group, which runs more than 6,700 properties around the world, was informed in September about an attempt to access the database, and an investigation this month revealed that unauthorized access had been made on or before Sept. 10, Marriott said in a statement.

The investigation also found that an “unauthorized party had copied and encrypted information, and took steps toward removing it,” the statement said.

The hotel chain said that personal details including names, addresses, dates of birth, passport numbers, email addresses and phone numbers for hundreds of millions of guests may have been compromised.

Hackers also obtained encrypted credit-card information for some customers, but it was unclear if the hackers would be able to use those payment details.

“We deeply regret this incident,” Arne Sorenson, Marriott’s president and chief executive officer, said in a statement. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

The company said it had set up a dedicated website and call center to deal with questions guests might have about their personal information, and had notified regulatory and legal authorities. Marriott also said it would try to reach affected customers on Friday to inform them of the security breach.

Marriott, based in Bethesda, Md., is the world’s largest hotel chain, having bought Starwood Hotels and Resorts Worldwide two years ago for $12.2 billion. The merger brought brands like Westin, W and Sheraton under the same roof, and prompted questions about whether the brands being acquired would lose some of their cool factor.

Customers also complained about problems with rewards programs after efforts to merge data from Starwood’s rewards program into Marriott’s left the records of millions of customers in limbo for weeks.

The company has also been grappling in recent weeks with strikes by thousands of workers, who walked out of 49 hotels in nine cities to call for better health care, wages and protection from sexual harassment.

Source