This data breach could be one of the most serious breaches of customers’ data security to date, behind only the hacking of about 3 billion Yahoo accounts.
Marriott International reported that the personal data of about 500 million of its guests had been stolen during the penetration of its Starwood guest reservation database.
The Starwood chain includes the W Hotels, St. Regency, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton, Design Hotels and all Starwood temporary property rentals.
With this disclosure, the case is indeed one of the biggest breaches of consumers’ data security globally.
Marriott is now the world’s largest hotel chain, but that was clearly not enough to ensure a good level of cybersecurity for the personal data it collects and stores about its customers. The company said it first understood that it had a problem in September, when an internal security tool reacted to a hacker's attempt to access the database. Marriott launched an investigation, which revealed that someone had had unauthorized access from 2014 onwards! The hacker had stolen, copied and encrypted the hotel chain's information.
However, it was only on November 19 that Marriott understood that the stolen information was precisely the information collected and stored in its Starwood database.
Marriott’s official statement says:
“The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property.”
The statement also says that personal information about 327 million hotel guests has been stolen, including some combination of a phone number, name, mailing address, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and more.
Some customers may also have had their bank card data stolen. These data would have been encrypted, but Marriott admitted that it did not exclude the possibility that the information had been decrypted by the hackers after the theft.
Marriott claims that it has taken steps to address this brutal cybersecurity crime and that it is cooperating with the authorities. The company said that the “unauthorized party” was able to copy and encrypt some information within its system “and took steps toward removing it”, but did not explain how much data was actually stolen and then encrypted.
The fact is that hackers often sell stolen personal data on the Internet, where it is then used by cybercriminals to commit various attacks on individuals, including identity theft, phishing emails, and various types of fraud.
The company has created a website for all users who worry that their personal information was stolen in this theft, and it has also committed to informing affected customers by email.
“We deeply regret this incident happened”, Marriott President and CEO Arne Sorenson said in an official statement. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
Brian Frosh, the attorney general of Maryland, where Marriott is headquartered, has announced he has opened an investigation into the spectacular hacker theft of personal data.
“The Marriott data breach is one of the largest and most alarming we’ve seen”, Frosh said.
Barbara Underwood, attorney general of New York, has also launched an investigation into this cybercrime.
“New Yorkers deserve to know that their personal information will be protected”, she said.
This breach will probably be one of the biggest in history, after the hacking of about 3 billion Yahoo accounts. At the beginning of the year, Under Armour reported that about 150 million accounts of its MyFitnessPal diet and fitness app had been compromised. But this news about the 500 million compromised clients of the Marriott-owned hotels is really worrying.
In 2016, Marriott bought Starwood Hotels & Resorts Worldwide for $13 billion, creating the largest hotel chain in the world by joining hotels like Sheraton, St. Louis, Regis, Westin and others. Obviously, however, the necessary steps were not taken to maintain the required level of personal data cybersecurity, given that such a huge amount of information was stolen over such a long period.