The biggest hotel chain, Marriott, revealed a huge data breach that involved 500 million guests over a period of 4 years. This is one of the largest data breaches to occur thus far. The data breach affected the guest reservation system of Starwood, a Marriott chain. The chain commented that affected guest information goes back four years, until September 10, 2018.
The breach was first discovered on September 8, when an internal security tool alerted to an unauthorized attempt to access the database. Upon investigating the breach, they found that hackers had gained access to databases containing guest information of about 500 million customers and had been on the Starwood network since 2014. Marriott has said that its own network was not affected by this four-year-long data breach.
The Starwood brand hotels include:
W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels that participate in the Starwood Preferred Guest (SPG) program.
Marriott said that the hacker copied and encrypted the information they were stealing. After decrypting it, the hotel chain found that it included information from the Starwood guest reservation database. This information included 500 million guest reservations; for 327 million of these guests, the exposed information included names, phone numbers, email addresses, passport numbers, dates of birth, and arrival/departure information. Still deep into its investigation, the hotel chain is unsure how many guests had their credit card information stolen, due to the AES encryption methods used.
Marriott has stated that it is working with leading security experts and law enforcement to resolve the incident. It is offering affected guests a dedicated 24/7 call center and one year's worth of WebWatcher.
The CEO, Arne Sorenson, has stated the following:
“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
This massive data breach is a strong indication that stronger security laws need to be in place that protect consumers and hold organizations accountable. Investigations into the data breach have already been opened by the attorneys general of New York, Maryland, and Pennsylvania. The New York attorney general's office commented on Twitter:
“We’ve opened an investigation into the Marriott data breach. New Yorkers deserve to know that their personal information will be protected.”
U.S. Senator Ron Wyden has said:
“If history is any guide, this megabreach will be like the others that came before it—the company will apologize, proclaim that it values its customers’ privacy, and then offer useless credit monitoring to the millions of Americans impacted by this years-long breach.”
If you believe that you or your organization has been the victim of a data breach, contact LIFARS for assistance.