×
You will be redirected back to your article in seconds

Hack of Marriott’s Starwood Reservations System Compromised Personal Info on Up to 500 Million Customers

Marriott International disclosed a massive security breach of the reservations system for its Starwood Hotels and Resorts brand, a hack it said Friday may have compromised private info on up to 500 million guests.

According to Marriott, for around 327 million Starwood guests, the database included such personal information as name, mailing address, phone number, email address, passport number, date of birth, and gender. For some Starwood customers, the hacked database also stored payment card numbers and expiration dates, although Marriott said that information was encrypted.

Hackers had accessed the Starwood network since 2014, Marriott said. The incident is one of the biggest single breaches of personal consumer data to date.

In an 8-K filing Friday, Marriott said it doesn’t know what the financial cost of the hack will be, but the company said it does not believe it will “impact its long-term financial health.”

“The company carries insurance, including cyber insurance, commensurate with its size and the nature of its operations,” it said. “The company is working with its insurance carriers to assess coverage.”

Marriott said it has taken measures to investigate and address the data-security incident involving the Starwood guest reservation database. It said it discovered the hack on Nov. 19, 2018.

“We deeply regret this incident happened,” Arne Sorenson, Marriott’s president and CEO, said in a statement. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

Marriott has set up a dedicated website at answers.kroll.com operated by risk-consulting firm Kroll to provide information and services to customers related to the hack. It also has opened a 24-hour dedicated call center for customers to inquire about their accounts. Marriott said it will begin sending emails to affected Starwood guests about the hack “on a rolling basis” starting Nov. 30. In addition, Marriott also is offering guests in the U.S., Canada and the U.K. a free one-year enrollment in privacy-monitoring service WebWatcher.

Marriott said that on Sept. 8, 2018, its IT team received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database in the U.S. After investigating, the hotel chain said, it then discovered “an unauthorized party had copied and encrypted information” from the database.

The credit-card data hackers were able to steal from the Starwood system was encrypted using Advanced Encryption Standard encryption (AES-128). Marriott said it has “not been able to rule out the possibility” that hackers were able to access the keys necessary to decrypt that data.

Marriott said it reported the incident to law enforcement and has already begun notifying regulatory authorities.

Starwood brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton, and Design Hotels. Starwood-branded timeshare properties are also included.

More Digital

  • Colin Kroll Dead Vine Obit

    HQ Trivia and Vine Co-Founder Colin Kroll Dies at 35

    Colin Kroll, co-founder of the Vine video app and the HQ Trivia game, was found dead in his Manhattan apartment early Sunday of an apparent drug overdose, Variety has confirmed. He was 35. New York Police Department officers responded at 12:18 a.m. Sunday, Dec. 16, to a call by Kroll’s girlfriend who was concerned about [...]

  • Nick Eh 30, StoneMountain64

    CAA Signs Gaming Influencers Nick Eh 30, StoneMountain64

    CAA has signed two popular live-streaming battle royale gamers — Nicholas Amyoony, better known as Nick Eh 30, and David Steinberg, aka StoneMountain64 — for representation. CAA said it will work to create opportunities for Nick Eh 30 (above left) and StoneMountain64 (above right) in all areas, including TV, motion pictures, touring, digital distribution and [...]

  • Amazon Adds NBA League Pass to

    Amazon Adds NBA League Pass Live-Streaming Games to Prime Video Channels

    Amazon is bringing pro hoops action to Prime Video Channels: The ecommerce giant now offers NBA League Pass as part of its lineup of 150-plus subscription options for Prime members in the U.S. It’s the first U.S. live-sports subscription service on Prime Video Channels. Prime members can subscribe to NBA League Pass via Prime Video [...]

  • Fifty Shades of Grey

    International Piracy Ring Stole Over 25,000 Movie and TV Digital Files, U.S. Feds Say

    A five-member international hacking crime ring stole more than 25,000 files for Hollywood movies and TV shows and illegally offered hundreds of them for sale online, according to U.S. law enforcement officials. A federal grand jury in L.A. on Wednesday (Dec. 12) indicted five men, identified as residing in the U.K., India, Dubai and Malaysia, [...]

  • Phil Schiller, Apple's senior vice president

    Apple to Update iPhones in China to Avoid Sales Ban

    Apple is pushing out a software update to iPhones in China to address a recent court order obtained by Qualcomm that banned the sale of certain iPhone models in the country. The update will allow the company to continue selling its phones in China, company representatives told Reuters Friday morning. The Fuzhou Intermediate People’s Court [...]

  • Kevin Reilly Variety Cover

    Kevin Reilly Named Content Chief for WarnerMedia Streaming Service

    Kevin Reilly — a veteran television exec who has led programming at NBC, FX, Fox, and most recently Turner Broadcasting — has been tapped to head content strategy for the still-nascent streaming service that WarnerMedia plans to launch next year. Reilly, who has led programming at Turner brands TNT and TBS since 2015, will serve [...]

More From Our Brands

Access exclusive content