Share
Marriott hotels: data of 500m guests may have been exposed

Marriott hotels: data of 500m guests may have been exposed

Marriott has announced that the data of 500 million guests may have been exposed in breaches of a reservation database for its hotels, which include luxury London institutions. The company said reservations at its Starwood properties, which include the Park Lane Sheraton Grand, Westbury Mayfair and Le Méridien Piccadilly, had been affected by the “data…

Marriott has announced that the data of 500 million guests may have been exposed in breaches of a reservation database for its hotels, which include luxury London institutions.

The company said reservations at its Starwood properties, which include the Park Lane Sheraton Grand, Westbury Mayfair and Le Méridien Piccadilly, had been affected by the “data security incident”.

The breached database stored information including passport numbers, dates of births, names, addresses and phone numbers for 327 million guests. Payment card numbers and expiration dates were also stored for some. For the remaining guests affected, Marriott said in a statement, “the information was limited to name and sometimes other data such as mailing address, email address, or other information”.

The breach was spotted in the Starwood guest reservation database in the US on 8 September and the company “discovered that an unauthorised party had copied and encrypted information, and took steps towards removing it”, Marriott said.

Security experts determined there had been unauthorised access to the Starwood network since 2014, it added. Researchers decrypted the information and determined its contents were from the Starwood reservation database on 19 November.

Sign up to the daily Business Today email or follow Guardian Business on Twitter at @BusinessDesk

Arne Sorenson, the president and chief executive of Marriott International, said: “We deeply regret this incident happened. We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

The Maryland-based company said law enforcement agencies were investigating.

Payment card numbers were encrypted using a method that required two components to break the encryption, the statement said. “Marriott has not been able to rule out the possibility that both were taken,” it said.

Starwood was bought by Marriott in 2016.

Read More

Leave a Comment