500m Marriott guest details hit in hacking raid
ONE OF the world’s largest hotel chains has confirmed that the data of 500m guests may have been exposed during breaches in a reservation database that began in 2014.
The “data security incident” hit the system for Marriott’s Starwood portfolio, which includes Trump Turnberry in Ayrshire as well as London’s Park Lane Sheraton Grand, Westbury Mayfair and Le Meridien Piccadilly.
Work is continuing, but the firm said the breached database contains the information of up to half a billion guests who booked before September 10.
The database stored information including passport numbers, dates of births, names, addresses and phone numbers for 327m guests.
Payment card numbers and expiration dates were also stored for some.
Marriott, which bought Starwood in 2016, is yet to establish how many UK customers have been affected. The breach was spotted in the Starwood guest reservation database in the United States on September 8 and the company “discovered that an unauthorised party had copied and encrypted information, and took steps towards removing it”, a statement said.
Security experts determined there “had been unauthorised access to the Starwood network since 2014”, it added.
Researchers decrypted the in- formation and determined its contents were from the Starwood reservation databases on November 19, Marriott said.
The hotel chain’s president and chief executive, Arne Sorenson, yesterday spoke of the company’s “deep regret” that the data breach had happened.
“We fell short of what our guests deserve and what we expect of ourselves.
“We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
The Maryland-based firm, which has hotels across the globe, said law enforcement agencies are investigating.
Payment card numbers are encrypted using a method that requires two components to break it, a statement said.
“Marriott has not been able to rule out the possibility that both were taken,” it added.
The National Crime Agency said it is making inquiries following the data breach, and the New York Attorney General has also opened an investigation.
Facebook was fined £500,000 over the Cambridge Analytica scandal which saw an estimated 87m users’ data breached, but the tech giant has mounted an appeal.