Arne Sorenson, president and chief executive of Marriott International, apologises for the “colossal” security breach.
Data belonging to up to 500 million Marriott guests may have been compromised in a massive breach of its Starwood guest reservation database, the company has admitted.
Credit card details, passport numbers, dates of birth, postal addresses, email addresses, phone numbers and other personal info of up to 500 million people were stolen in the hack.
An initial investigation shows there has been unauthorised access to the Starwood network since as far back as 2014, the hotel giant says, and an “unauthorised party” has copied and encrypted the information.
This initial date of unauthorised access predates the Marriott and Starwood merger in 2016.
Marriott was finally able to decrypt this information on November 19 and learned that the content was from its Starwood systems.
The breach was first spotted in the Starwood guest reservation database in the US on September 8, the Guardian newspaper reports. That discovery led to further investigation.
We deeply regret this incident happened. We fell short of what our guests deserve and what we expect of ourselves,” Arne Sorenson, Marriott International’s president and chief executive said.
“We are doing everything we can to support our guests and using lessons learned to be better moving forward.”
IT and hospitality insiders say the scale of the attack is alarming.
The data breach is “on a colossal scale and [will] be of great concern to Marriott customers, commented the consumer rights organization Which?, adding: “It is vital that Marriott provides clear information on what has happened and helps anyone who has been negatively impacted.”
“The most disappointing part of this hack is the fact that the amount of data stolen is one of the bigger ones of the last few years and further made worse by the fact that the compromise had been going on for at least four years,” Tom van de Wiele of the information security firm F-Secure tells the Guardian.