×
You will be redirected back to your article in seconds

Hack of Marriott’s Starwood Reservations System Compromised Personal Info on Up to 500 Million Customers

Marriott International disclosed a massive security breach of the reservations system for its Starwood Hotels and Resorts brand, a hack it said Friday may have compromised private info on up to 500 million guests.

According to Marriott, for around 327 million Starwood guests, the database included such personal information as name, mailing address, phone number, email address, passport number, date of birth, and gender. For some Starwood customers, the hacked database also stored payment card numbers and expiration dates, although Marriott said that information was encrypted.

Hackers had accessed the Starwood network since 2014, Marriott said. The incident is one of the biggest single breaches of personal consumer data to date.

In an 8-K filing Friday, Marriott said it doesn’t know what the financial cost of the hack will be, but the company said it does not believe it will “impact its long-term financial health.”

“The company carries insurance, including cyber insurance, commensurate with its size and the nature of its operations,” it said. “The company is working with its insurance carriers to assess coverage.”

Marriott said it has taken measures to investigate and address the data-security incident involving the Starwood guest reservation database. It said it discovered the hack on Nov. 19, 2018.

“We deeply regret this incident happened,” Arne Sorenson, Marriott’s president and CEO, said in a statement. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

Marriott has set up a dedicated website at answers.kroll.com operated by risk-consulting firm Kroll to provide information and services to customers related to the hack. It also has opened a 24-hour dedicated call center for customers to inquire about their accounts. Marriott said it will begin sending emails to affected Starwood guests about the hack “on a rolling basis” starting Nov. 30. In addition, Marriott also is offering guests in the U.S., Canada and the U.K. a free one-year enrollment in privacy-monitoring service WebWatcher.

Marriott said that on Sept. 8, 2018, its IT team received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database in the U.S. After investigating, the hotel chain said, it then discovered “an unauthorized party had copied and encrypted information” from the database.

The credit-card data hackers were able to steal from the Starwood system was encrypted using Advanced Encryption Standard encryption (AES-128). Marriott said it has “not been able to rule out the possibility” that hackers were able to access the keys necessary to decrypt that data.

Marriott said it reported the incident to law enforcement and has already begun notifying regulatory authorities.

Starwood brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton, and Design Hotels. Starwood-branded timeshare properties are also included.

More Digital

  • USA Today Mobile Apps Get Oscars

    USA Today Launches Oscars AR Experience to Highlight Work of Costume Designers (EXCLUSIVE)

    USA Today is getting ready for the Academy Awards with an augmented reality (AR) experience dedicated to the work of the costume designers on some of the Oscar-nominated movies. The experience, which went live in USA Today’s Android and iOS app Monday, presents wardrobe from 6 movies in augmented reality, including costumes worn on “Mary [...]

  • Amazon Prime

    Amazon Prime India Greenlights ‘Bandits’ Music Series

    Amazon Prime Video India has greenlit original series “Bandish Bandits.” The show is a musical created by Still and Still Media Collective. The series will follow an Indian classical musician bound by tradition and a pop star whose performance skills are greater than her talent. A bandish is a term used to describe a musical [...]

  • Alibaba Buys 8% Stake in Chinese

    Alibaba Buys 8% Stake in Chinese Video Platform Bilibili

    Alibaba has purchased an 8% stake in the Chinese online video platform Bilibili, the official Xinhua news agency reported. Bilibili is one of China’s top video streaming and entertainment platforms, with about 92 million monthly active users and 450 million page-views per day. Founded in 2009, it was listed on the NASDAQ last March. Alibaba’s [...]

  • Clevver-Logo

    Hearst Magazines Buys Clevver's Pop-Culture YouTube Channels After Defy's Demise

    Hearst Magazines has snapped up Clevver, a network of female-skewing lifestyle and pop-culture news YouTube channels that had been owned by now-defunct Defy Media. Clevver was left homeless after Defy’s sudden shutdown in November; its principals said at the time they were looking for a new home. Hearst Magazines sees a digital fit with Clevver’s [...]

  • "Brother" -- Episode 201-- Pictured (l-r):

    CBS Interactive's Marc DeBevoise on Streaming Boom, Content Strategy, and Apple

    Not everyone wants or needs to be Netflix to succeed in the streaming space. And not everyone sees Apple’s enigmatic new service as a threat. Even as rival streaming services offer gobs of content, CBS Interactive’s president and COO Marc DeBevoise sees the company’s targeted original programming strategy continuing to attract viewers to its All [...]

  • Rhett-Link-Good-Mythical-Morning

    Rhett & Link's Mythical Entertainment in Talks to Acquire Smosh (EXCLUSIVE)

    Smosh, the YouTube comedy brand left stranded after parent company Defy Media went belly-up, may be about to get a new business partner. Mythical Entertainment, the entertainment company founded by top YouTube comedy duo Rhett & Link, has been in talks about acquiring the Smosh brand, sources told Variety. Multiple potential buyers came forward to [...]

  • Pokemon Go

    Proposed 'Pokémon Go' Lawsuit Settlement May Remove Poké Stops, Gyms

    A proposed settlement in the class action lawsuit against “Pokémon Go” developer Niantic could remove or change a number of Poké Stops and Gyms in the popular augmented reality game. The proposed settlement was filed in a California court on Thursday and applies to anyone in the U.S. who owns or leases property within 100 meters [...]

More From Our Brands

Access exclusive content