Marriot hack affects 500 million

It was reported on 30 November that over 500 million customers of Marriott International had been compromised by an unauthorised party.

The hotel chain said its guest reservation database of its Starwood division had been hacked and that a hacker had been able to access the Starwood networks since 2014.

Marriot International bought Starwood in 2016, and the company said that it was alerted by and internal security tool when someone tried to access the Starwood database.

After an investigation was carried out it became clear that an unauthorised party had copied and encrypted information.

The database is thought to contain the personal details of up to 500 million customers.

According to the hotel group, information regarding 327 million guests was taken, including a combination of:

• Name
• Address
• Phone number
• Email address
• Passport number
• Account information
• Gender
• Arrival and departure times

Some records also included encrypted payment card information and said that the encryption keys could also have been stolen.

In a statement the company said: “We deeply regret this incident happened,” and that, “Marriott reported this incident to law enforcement and continues to support their investigation. The company has already begun notifying regulatory authorities.”

The UK’s information Commissioner’s Office said: “We have received a data breach report from Marriott involving its Starwood Hotels and will be making enquiries. If anyone has concerns about how their data has been handled they can report these concerns to us.”

Marriott has since set up a website for affected customers and said that it would be in touch with affected customers whose email addresses were in the database, which contained details of reservations made on or before 10 September of this year.

The company is also offering affected customers a year-long subscription to a fraud-checking service.

Chris Fox, technology reporter at the BBC said: “The UK's data regulator has confirmed it is investigating, and so the threat of a whopping GDPR penalty looms.”

The hack is tied for the second biggest hack of all time alongside a Yahoo hack that occurred back in 2016.

Marriot shares dropped by 8.7% after the announcement was made.