- About 500 million people have had their data hacked after staying at hotels brands including W, Sheraton, and Westin, Marriott said on Friday.
- A breach in the Starwood guest-authorization database meant that millions of people had a combination of their name, address, passport number, date of birth, and other information stolen, the company said.
- An unspecified number of people also had their credit-card information taken. It is encrypted, but Marriott said the hackers might have taken the information needed to decrypt it.
- Marriott said it informed law enforcement about the incident and was supporting the investigation.
Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced Friday that it had “taken measures to investigate and address a data security incident” that it said stemmed from its Starwood guest-authorization database.
The company said it thought about 500 million people’s information was accessed, including an unspecified number who had their credit-card details taken.
Marriott said that the unauthorised access had been going on since 2014 and that the breach affected customers who made bookings on or before September 10.
Marriott said that customers’ credit-card information was encrypted but that it was possible the hackers also took the information necessary to decrypt them.
For about 367 million of those affected, Marriott said, the information taken includes some combination of their name, mailing address, phone number, email address, passport number, date of birth, gender, and other information around their Starwood account.
The company determined on November 19 that there had been unauthorised access to the Starwood database, which contained information from guests who stayed in Starwood properties on or before September 10.
Starwood brands include:
- W Hotels
- St. Regis
- Sheraton Hotels & Resorts
- Westin Hotels & Resorts
- Element Hotels
- Aloft Hotels
- The Luxury Collection
- Tribute Portfolio
- Le Méridien Hotels & Resort
- Four Points by Sheraton
- Design Hotels
Marriott bought Starwood hotels in 2016. Starwood is now a subsidiary of Marriott, and it does not appear that Marriott-branded hotels or other hotels owned by Marriott were affected by the breach.
This chart shows how Marriott splits up its hotels:
“Marriott reported this incident to law enforcement and continues to support their investigation,” the company said. “The company has already begun notifying regulatory authorities.”
Arne Sorenson, Marriott’s president and CEO, said: “We deeply regret this incident happened.”
He added: “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests and using lessons learned to be better moving forward.”
Marriott could not be reached for comment when contacted by Business Insider.
Business Insider Emails & Alerts
Site highlights each day to your inbox.