FYI.

This story is over 5 years old.

News

Half a billion Marriott guests may have had their data stolen

“We fell short of what our guests deserve."
marriott
Reuters

Marriott International revealed Friday that data on as many as 500 million guests of its Starwood hotel chain may have been hacked in a massive security breach stretching back to 2014.

For nearly two-thirds of those potentially affected, the information included names, physical and email addresses, and phone and passport numbers. For some victims, the breached data also included payment card numbers and expiration dates.

Advertisement

The hotel chain said the stolen payment card data had been encrypted, but it couldn’t rule out that the information needed to decode the data was also taken.

“We deeply regret this incident happened,” chief executive Arne Sorenson said in a statement.

“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

READ: A hacker stole instructions for Reaper drones and is selling them on the dark web

The company, the world’s largest hotel chain, said it was alerted by an internal security tool in September that there had been an attempt to access the Starwood guest reservation database. A subsequent investigation determined last week that there had been unauthorized access since 2014, and that the intruder had copied and encrypted information.

It said it had notified police and was supporting their ongoing investigation, and will start notifying affected guests Friday.

The hack may be one of the largest ever, behind the mammoth Yahoo hack in 2013 that saw all of its 3 billion or so accounts compromised.

Cover image: A Marriott flag hangs at the entrance of the New York Marriott Downtown hotel in Manhattan, New York November 16, 2015. (REUTERS/Andrew Kelly)