Marriott announces data breach affecting up to 500 million guests

File photos of properties owned by Starwood Hotels and Resorts Worldwide, LLC, a subsidiary of Marriott International. (AP file photos)

BETHESDA, Md. (WTHR) - A data security breach inside Marriott's reservation database compromised the information of up to 500 million guests on or before September 10.

Marriott was first alerted to a possible security issue September 8. Their investigation found there had been unauthorized access into their Starwood reservation network since 2014. They're still looking into how widespread the issue was, but believes it affects up to roughly 500 million guests who made a reservation at any Starwood property, including some combination of:

  • name
  • mailing address
  • phone number
  • email address
  • passport number
  • Starwood Preferred Guest account information
  • date of birth
  • gender
  • arrival and departure information
  • reservation date
  • communication preferences

For some of those affected, the hackers also got payment card numbers and expiration dates. The numbers were encrypted using a method that requires two components to decrypt. At this point, Marriott can't say if both of those elements were taken.

Starwood is a subsidiary that Marriott just finished acquiring in September 2016. Their brands include Westin, Sheraton, W Hotels, St. Regis, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. Starwood branded timeshare properties are also included.

"We deeply regret this incident happened," said Arne Sorenson, Marriott's president and chief executive officer. "We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward."

"Today, Marriott is reaffirming our commitment to our guests around the world. We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call center. We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network," Mr. Sorenson continued.

If you think your information may have been taken, Marriott has set up a dedicated website and call center. In the U.S. and Canada, the call center number is (877) 273-9481. Marriott will also begin sending emails Friday on a rolling basis to all affected guests whose emails are in the Starwood reservation database. They've also offered to enroll guests in WebWatcher consumer protection software for free for one year. More information on that is available at the same website.

Filed under: