BETHESDA, M.D. – Friday morning, Mariott International said its guest reservation database was breached, potentially exposing the personal information of up to 500 million guests.
In September, the hotel chain said it received an alert about an attempt to access the database. During the investigation, Marriott learned there had been unauthorized access to its Starwood reservation database dating back to 2014. Marriott says hackers copied and encrypted that information. On November 19, Marriott decrypted the information and learned the extent of the hack.
Marriott says if you made a reservation on or before September 10, 2018, for a Starwood property, the information you provided may have been involved. Starwood Hotels’ website says it operates: Renaissance, Gaylord, Westin, Sheraton, Ritz-Carlton, Edition, JW Marriott, Autograph Collection, Delta, AC, Protea, Le Meridien, Tribute Portfolio, Design, Aloft, Four Points, Moxy and Elements Hotel.
For about 327 million guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates.
The payment card numbers were encrypted. There are two components needed to decrypt those card numbers, but at this point, Marriott has not been able to rule out the possibility that both were taken. For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information.
Marriott is establishing a call center dedicated to answering questions about the breach. The call center is open seven days a week and is available in multiple languages. The company said they started sending emails to affected guests Friday.
Marriott is also providing guests with free monitoring software for a year. WebWatcher monitors internet sites where personal information is shared and generates an alert to the consumer if evidence of the consumer’s personal information is found. The service is not available in all countries. Click on your country, if listed, to begin the enrollment process.
Marriott said they are supporting the efforts of law enforcement and working with security experts to improve. Marriott is also devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to their network.