Marriott’s Starwood database hacked, 500 million may be affected
(Reuters) - Marriott International Inc said yesterday that hackers accessed about 500 million records in its Starwood Hotels reservation system in an attack that began four years ago, exposing personal data of customers including some payment card numbers.
Shares fell 5 percent after disclosure of the hack, one of the largest in history, which prompted regulators in Britain and at least three U.S. states to announce plans to look into the attack.
The hack began in 2014, before Marriott offered to buy Starwood for $12.2 billion in November 2015, acquiring brands including Sheraton, Ritz Carlton and Westin to create the world’s largest hotel operator. The company closed the Starwood deal in September 2016.
Passport details, phone numbers and email addresses of some 327 million Marriott customers were exposed, according to the company. Credit card data may have been taken for other customers, it said.
“What makes this serious is the number of people involved, the intimacy of the data that was taken and the long delay between the breach and discovery,” said Mark Rasch, a former U.S. federal cyber crimes prosecutor.
Customers complained to Marriott through its account on Twitter, where Starwood was among the top trending U.S. topics. Some criticized the company, using terms including “duped,” “angry” and “merger disaster” to describe the incident. Marriott said it learned of the breach on Sept. 8 when an internal security tool sent an alert about suspicious activity.
“We fell short of what our guests deserve,” Marriott Chief Executive Arne Sorenson said.