Marriott says Starwood database hacked
About 500-million guests are at risk after an unauthorised party copied and encrypted their personal information
Bengaluru — Marriott International said on Friday that a guest reservation database of its Starwood Hotel brand was breached, potentially exposing information on about 500-million guests.
The company said its investigation showed that an unauthorised party had copied and encrypted information, and that there had been unauthorised access to the Starwood network since 2014.
The company said it had taken steps to rectify the situation. Marriott was not immediately available for further comments.
For about 327-million of these guests, the information includes some combination of name, mailing address, phone number, e-mail address, passport number, Starwood Preferred Guest account information, date of birth and gender among other personal details, Marriott said.
For some, the information also includes payment card numbers and expiration dates, but those numbers were encrypted, the hotel chain said.
There are two components needed to decrypt the payment card numbers, and at this point, Marriott said it had not been able to rule out the possibility that both were stolen.
The hospitality company said it reported this incident to law enforcement and continues to support their investigation. It has already begun notifying regulatory authorities.