Marriott announced on Nov. 30 its Starwood reservation database has been hacked, exposing the personal information of 500 million guests. Millions of guests’ credit card information may have been stolen.
If you made a reservation at a Marriott Starwood hotel on or before Sept. 10, 2018, it’s possible your credit card information is in the hands of hackers.
Marriott announced on Nov. 30 its Starwood reservation database has been hacked, and as many as 500 million guests’ personal information has been exposed. The hotel chain could not yet confirm if the hackers were able to decrypt the cards’ numbers. It is one of the biggest corporate data breaches in history.
Marriott said about 327 million of the affected guests had their names, emails, phone numbers, arrival and departure information, birth dates and more exposed.
The Starwood properties, which Marriott bought in 2016, include a number of hotels and branded timeshare properties.
Marriott used Advanced Encryption Standard encryption (AES-128) to mask payment card numbers. The system requires two components to decrypt the card numbers. Marriott says it’s possible that both were taken.
On Sept. 8, an internal security tool alerted Marriott that someone had attempted to access the Starwood guest reservation database. After hiring security experts, the company learned that since 2014, there had been unauthorized access to the network. The unauthorized party had copied and encrypted information and Marriott began removing it. Marriott found out on Nov. 19 that the compromised contents were from the Starwood guest reservation database.
“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward,” Marriott CEO Arne Sorenson said in a statement.
Not surprisingly, the company’s stock (MAR) has fallen by nearly 6 percent in premarket trading.
If you think your credit card information might have been hacked, you can get in touch with Marriott’s dedicated call center, which is open seven days a week, at (877) 273-9481. If you were hacked and your email address is in the Starwood database, you will also be notified via email.
Additionally, monitor your credit card accounts for any suspicious charges and check your credit report at AnnualCreditReport.com. You can freeze your credit – which prevents anyone from accessing your credit report – for free. And if you spot any unauthorized purchases in your card accounts, notify your issuers right away.
In addition to other measures it has taken to correct the incident, Marriott is offering its guests free enrollment in WebWatcher for a year. WebWatcher audits sites that share personal information and alerts people if it locates their personal information. If you’re U.S.-based and enroll, you’ll also receive reimbursement coverage and fraud consultation services. To enroll in WebWatcher, click on your country below.