Marriott International has revealed that its Starwood Hotel reservation database has been hacked. An investigation carried out by the company revealed that hackers have had unauthorized access to the Starwood network since 2014.
The astonishing revelation means that information of half a billion guests could have been exposed — including sensitive personal data such as home address and passport number — and Marriott says there is evidence that data has been copied from its network.
While Marriott says that it has taken steps to rectify the matter, this will be of little comfort to millions of customers whose details have been exposed for four years. The company says that for 327 million guests, various combinations of names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account information, dates of birth, gender and other personal details could have been accessed by intruders.
In some instances, payment card numbers and expiration dates were also accessed, but Marriott says that this data was encrypted.
But the encryption may not be enough to protect the data. Marriott explained that two components are needed to decrypt the data, and it was not able to rule out both of these components having been stolen.
In a statement Marriott said:
Marriott reported this incident to law enforcement and continues to support their investigation. We have already begun notifying regulatory authorities.
Marriott deeply regrets this incident happened. From the start, we moved quickly to contain the incident and conduct a thorough investigation with the assistance of leading security experts. Marriott is working hard to ensure our guests have answers to questions about their personal information with a dedicated website and call center. We are supporting the efforts of law enforcement and working with leading security experts to improve. Marriott is also devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.
The company is in the process of contacting guests who may be affected by the breach, and has set up a call center to deal with queries. It is offering customers a year’s subscription to WebWatcher for free. More details can be found here.
Image credit: ANDREA DELBO / Shutterstock