MARRIOTT DATA BREACH COMES AS HOTEL CHAIN EXPANDS ACROSS REGION
▶ Hackers were able to access up to 500 million customer records, meaning personal financial details may be exposed
Of the 153 Marriott-owned hotels in the Middle East, 125 can be booked through the Starwood Hotels reservation system, the site of a hack that accessed up to 500 million customer records including card numbers, in a breach of the world’s largest hotel operator.
Marriott, based in Maryland, US, said on its website that it had started to inform affected guests about the breach on Friday, and that it had reported it to law enforcement and regulatory authorities.
Two spokesmen for the brand in the Middle East could not be reached for comment. Calls to the UAE-specific customer hotline went unanswered yesterday.
The breach comes amid a rapid regional expansion for the hotel operator. Over the next five years, the chain will add 20 more properties in the UAE, in addition to the 57 already open.
In Saudi Arabia, Marriott is planning a $2 billion investment over five years for 27 hotels on top of the 25 currently in operation.
Starwood brands with properties in the Middle East include W Hotels, St Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, The Edition, Aloft Hotels, Le Meridien Hotels & Resorts, Four Points by Sheraton and Design Hotels.
Its most recent opening is The Edition Abu Dhabi in Al Bateen last month.
The hack began in 2014, according to Marriott, a year before the company offered to buy Starwood to create the world’s largest hotel operator. The $13.6bn deal closed in September 2016.
The company said on its website that it learnt of the breach on September 8 when an internal security tool sent an alert about suspicious activity.
In its quarterly filing dated November 6, Marriott added a warning about security breaches to its disclosures without providing details on specific attacks, Bloomberg reported.
Some 327 million customer records containing information including passport details, birth dates, addresses, phone numbers and email addresses were exposed, according to the company.
The hackers also accessed payment card data for an undisclosed number of customers, the company said.
Marriott shares plunged on Friday, falling as much as 6 per cent before ending the day 5.6 per cent down, shaving about $2.4 billion off equity value.
Investigators in the UK and five states in the US have already opened inquiries into the cyber-breach.
Morgan Stanley analyst Thomas Allen called the huge sell-off in Marriott shares “an overreaction”, saying that a 2 to 3 per cent impact would have been more appropriate in the circumstances.
Data breaches typically cost $1 per customer in notification and other services, according to Insurance Insider, and Mr Allen estimated potential fines
We fell short of what our guests deserve and what we expect of ourselves. We are doing all we can to support our guests better ARNE SORENSON Marriott chief executive
and/or settlements of about $200 million for Marriott.
Insurance Insider also reports that sources suggest the company has about $300m of cyber insurance coverage to partially offset losses, Mr Allen said.
“We fell short of what our guests deserve and what we expect of ourselves,” Marriott chief executive Arne Sorenson said on Friday. “We are doing everything we can to support our guests, and using lessons learnt to be better.”