The massive Marriott hotel chain has announced that the private and personal information of up to 500 million guests of the Starwood hotels between 2014 and 2018 might have had their information stolen.
Marriott has stated that the breach is limited to those hotels owned by their Starwood brand. Those hotels include:
- W Hotels
- Westin Hotels & Resorts
- Element Hotels
- Sheraton Hotels & Resorts
- Tribute Portfolio
- The Luxury Collection
- Four Points by Sheraton
- Starwood timeshares
- Aloft Hotels
Marriott claims that the Marriott-branded hotels weren’t impacted due to a different software that wasn’t part of the data breach. However, any guest at a Starwood hotel over the last four years might have had their data stolen. The parent company says that they became aware of the breach in early September when a security tool notified them of a possible violation. The company says that they were unable to decrypt the type of information that had been exposed until now.
Ted Rossman, a financial data analyst, has said that the names, passport numbers, addresses, date of birth and other personal information are of more concern than the guest’s payment information. According to the chain, the majority of the payment information was encrypted and therefore protected.
Currently, privacy commissioners are following up on the data breaches to obtain more information, but because of confidentiality, details are limited at this time.
Arne Sorenson, the Marriott CEO, has made a public statement saying that the company has fallen short of what their guests deserve, and what they expect from themselves. Sorenson has also claimed that Marriott is doing everything possible to support their guests, and using this as a huge lesson learned going forward.
Marriott has set up a call center and a website to answer questions to guests who feel like they are at risk. You can visit the website at https://answers.kroll.com/.