Marriott data breach exposes 500 million guests’ information
The hotel chain says credit card numbers could be in the hands of hackers
If you made a reservation at a Marriott Starwood hotel on or before Sept. 10, 2018, it’s possible your credit card information is in the hands of hackers.
Marriott announced on Nov. 30 its Starwood reservation database has been hacked, and as many as 500 million guests' personal information has been exposed. The hotel chain could not yet confirm if the hackers were able to decrypt the cards’ numbers. It is one of the biggest corporate data breaches in history.
Marriott said about 327 million of the affected guests had their names, emails, phone numbers, arrival and departure information, birth dates and more exposed.
The Starwood properties, which Marriott bought in 2016, include a number of hotels and branded timeshare properties.
Marriott used Advanced Encryption Standard encryption (AES-128) to mask payment card numbers. The system requires two components to decrypt the card numbers. Marriott says it’s possible that both were taken.
On Sept. 8, an internal security tool alerted Marriott that someone had attempted to access the Starwood guest reservation database. After hiring security experts, the company learned that since 2014, there had been unauthorized access to the network. The unauthorized party had copied and encrypted information and Marriott began removing it. Marriott found out on Nov. 19 that the compromised contents were from the Starwood guest reservation database.
“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward,” Marriott CEO Arne Sorenson said in a statement.
Not surprisingly, the company’s stock (MAR) has fallen by nearly 6 percent in premarket trading.
If you think your credit card information might have been hacked, you can get in touch with Marriott’s dedicated call center, which is open seven days a week, at (877) 273-9481. If you were hacked and your email address is in the Starwood database, you will also be notified via email.
Additionally, monitor your credit card accounts for any suspicious charges and check your credit report at AnnualCreditReport.com. You can freeze your credit – which prevents anyone from accessing your credit report – for free. And if you spot any unauthorized purchases in your card accounts, notify your issuers right away.
In addition to other measures it has taken to correct the incident, Marriott is offering its guests free enrollment in WebWatcher for a year. WebWatcher audits sites that share personal information and alerts people if it locates their personal information. If you’re U.S.-based and enroll, you’ll also receive reimbursement coverage and fraud consultation services. To enroll in WebWatcher, click on your country below.
- Apple and Goldman Sachs set to launch new credit card in the spring – Apple and Goldman Sachs will launch a new joint credit card this spring, according to media reports. It will be linked to new personal finance tools on the iPhone ...
- Poll: 56% of balance-carrying cardholders have had debt for at least a year – According to a new poll from CreditCards.com, 56 percent of credit card holders who are carrying balances have been doing so for more than a year. ...
- Visa, Mastercard to raise swipe fees in April: reports – Visa and Mastercard are planning to raise swipe fees in April, according to media reports. It could result in higher prices for consumers. ...