Rome News-Tribune

Marriott security breach exposed data of up to 500M guests

- By Michelle Chapman and Mae Anderson

NEW YORK — Hackers stole informatio­n on as many as 500 million guests of the Marriott hotel empire over four years, obtaining credit card and passport numbers and other personal data, the company said Friday as it acknowledg­ed one of the largest security breaches in history.

The full scope of the failure was not immediatel­y clear. Marriott was trying to determine if the records included duplicates, such as a single person staying multiple times.

The affected hotel brands were operated by Starwood before it was acquired by Marriott in 2016. They include W Hotels, St. Regis, Sheraton, Westin, Element, Aloft, The Luxury Collection, Le Méridien and Four Points. Starwood-branded timeshare properties were also affected. None of the Marriott-branded chains were threatened.

The crisis quickly emerged as one of the biggest data breaches on record.

“On a scale of 1 to 10 and up, this is one of those No. 10 size breaches. There have only been a few of them of this scale and scope in the last decade,” said Chris Wysopal, chief technology officer of Veracode, a security company.

By comparison, last year’s Equifax hack affected more than 145 million people. A Target breach in 2013 affected more than 41 million payment card accounts and exposed contact informatio­n for more than 60 million customers.

Security analysts were especially alarmed to learn that the breach began in 2014. While such failures often span months, four years is extreme, said Yonatan Striem-Amit, chief technology officer of Cybereason.

It was unclear what hackers could do with the credit card informatio­n. Though it was stored in encrypted form, it was possible that hackers also obtained the two components needed to descramble the numbers, the company said.

For as many as two-thirds of those affected, the exposed data could include mailing addresses, phone numbers, email addresses and pass- port numbers. Also included might be dates of birth, gender, reservatio­n dates, arrival and departure times and Starwood Preferred Guest account informatio­n.

“We fell short of what our guests deserve and what we expect of ourselves,” CEO Arne Sorenson said in a statement. “We are doing everything we can to support our guests and using lessons learned to be better moving forward.”

?? / AP-Danny Johnston, File ?? A man works on a new Marriott sign in front of the former Peabody Hotel in Little Rock, Ark. Marriott says the informatio­n of up to 500 million guests at its Starwood hotels has been compromise­d. It said Friday that there was a breach of its database in September, but also found out through an investigat­ion that there has been unauthoriz­ed access to the Starwood network since 2014.
/ AP-Danny Johnston, File A man works on a new Marriott sign in front of the former Peabody Hotel in Little Rock, Ark. Marriott says the informatio­n of up to 500 million guests at its Starwood hotels has been compromise­d. It said Friday that there was a breach of its database in September, but also found out through an investigat­ion that there has been unauthoriz­ed access to the Starwood network since 2014.

Newspapers in English

Newspapers from United States