Page-Banner---News

Marriott Data Breach Exposes a Possible 500 Million Guests

On 30 November 2018, Marriott International Incorporated (Marriott) reported one of the largest data breaches on record. In a news release, the hotel chain revealed that there was unauthorised access to its Starwood reservation database where approximately 500 million customers who had made a reservation with a Starwood property1 between 2014 and 10 September 2018, may have had their personal data breached2.  For 327 million of these guests, the information subject of the breach contains a combination of either their name, mailing and email address, passport numbers, birth dates, travel and reservation dates and credit card numbers3

After receiving a notification of an attempt to access the Starwood guest reservation database from an internal security tool on 8 September 2018, Marriott engaged a security expert to conduct an investigation4. During the investigation, Marriott was informed that the Starwood network had unauthorised access of its databases since 20145. This is prior to Marriott entering negotiations to acquire Starwood in 2015 for $13.6 billion with settlement occurring in 20166.  

On 19 November 2018, Marriott learned that the unauthorised party copied, encrypted and took steps to remove information from the Starwood system7. Marriott stated that even though their customer’s credit card information was encrypted in the Starwood database, they are unable to conclude that this information has not been the subject of unauthorised access8.  

Marriott’s President and Chief Executive Officer, Arne Sorenson, affirms that their organisation is committed to their guests to provide answers to questions regarding their personal information9. While Ms Sorenson admits to falling short of ‘what their guests deserve’ and their own expectations, this is the second major security breach that Starwood have reported since their cash register systems were compromised in 201510.   



------------------------------------------------------

[1]  Starwood properties include Sheraton, Ritz Carlton Westin, W Hotels, St. Regis, Four points, Aloft, Le Meridien, Tribute, Design Hotels, Element and the Luxury Collection. 
[2]  Marriott International, ‘Marriott Announces Starwood Guest Reservation Database Security Incident’ (Press Release, 30 November 2018) <http://news.marriott.com/2018/11/marriott-announces-starwood-guest-reservation-database-security-incident/>; 
[3]  Ibid.
[4]  Ibid.
[5]  Ibid.
[6]  Nicole Perlroth, Amie Tsang and Adam Satariano, ‘Marriott Hacking Exposes Data of Up to 500 Million Guests’, The New York Times (online), 30 November 2018 <https://www.nytimes.com/2018/11/30/business/marriott-data-breach.html>.
[7]  Marriott International, ‘Marriott Announces Starwood Guest Reservation Database Security Incident’ (Press Release, 30 November 2018) <http://news.marriott.com/2018/11/marriott-announces-starwood-guest-reservation-database-security-incident/>; Nicole Perlroth, Amie Tsang and Adam Satariano, ‘Marriott Hacking Exposes Data of Up to 500 Million Guests’, The New York Times (online), 30 November 2018 <https://www.nytimes.com/2018/11/30/business/marriott-data-breach.html>.
[8]  Ibid.
[9]  Ibid.
[10]  Ibid.