Marriott data breach exposes 500 million guests’ information

The hotel chain says credit card numbers could be in the hands of hackers

Marriott data breach exposes 500 million guests’ information

 

If you made a reservation at a Marriott Starwood hotel on or before Sept. 10, 2018, it’s possible your credit card information is in the hands of hackers. 

Marriott announced on Nov. 30 its Starwood reservation database has been hacked, and as many as 500 million guests' personal information has been exposed. The hotel chain could not yet confirm if the hackers were able to decrypt the cards’ numbers. It is one of the biggest corporate data breaches in history.

Marriott said about 327 million of the affected guests had their names, emails, phone numbers, arrival and departure information, birth dates and more exposed. 

The Starwood properties, which Marriott bought in 2016, include a number of hotels and branded timeshare properties.

Marriott used Advanced Encryption Standard encryption (AES-128) to mask payment card numbers. The system requires two components to decrypt the card numbers. Marriott says it’s possible that both were taken.  

On Sept. 8, an internal security tool alerted Marriott that someone had attempted to access the Starwood guest reservation database. After hiring security experts, the company learned that since 2014, there had been unauthorized access to the network. The unauthorized party had copied and encrypted information and Marriott began removing it. Marriott found out on Nov. 19 that the compromised contents were from the Starwood guest reservation database.

See related: As data breaches increase, here's how to cut your identity fraud risk

“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward,” Marriott CEO Arne Sorenson said in a statement. 

Not surprisingly, the company’s stock (MAR) has fallen by nearly 6 percent in premarket trading. 

If you think your credit card information might have been hacked, you can get in touch with Marriott’s dedicated call center, which is open seven days a week, at (877) 273-9481. If you were hacked and your email address is in the Starwood database, you will also be notified via email. 

Additionally, monitor your credit card accounts for any suspicious charges and check your credit report at AnnualCreditReport.com. You can freeze your credit – which prevents anyone from accessing your credit report – for free. And if you spot any unauthorized purchases in your card accounts, notify your issuers right away. 

In addition to other measures it has taken to correct the incident, Marriott is offering its guests free enrollment in WebWatcher for a year. WebWatcher audits sites that share personal information and alerts people if it locates their personal information. If you’re U.S.-based and enroll, you’ll also receive reimbursement coverage and fraud consultation services. To enroll in WebWatcher, click on your country below.

 


Join the discussion
We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.




Weekly newsletter
Get the latest news, advice, articles and tips delivered to your inbox. It's FREE.


Updated: 12-15-2018