Personal data belonging to hundreds of millions of guests who made reservations at the properties of Marriott International-owned Starwood was compromised by hackers in an attack that started in 2014.
On Friday morning, Marriott released a press release saying it determined on November 19 that hackers had accessed the reservation database of Starwood. The database contained reservations made by guests on or prior to September 10, 2018.
“We deeply regret this incident happened,” said Arne Sorenson, Marriott’s President and Chief Executive Officer. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
The theft of information on Marriott’s database is one of the biggest corporate hacks in history surpassed only by the Yahoo breach in 2013 and 2014. The hotelier has reported the incident to law enforcement agencies and has also started notifying regulatory authorities.
“Today, Marriott is reaffirming our commitment to our guests around the world. We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call center,” Sorenson said. “We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”
The attack is even more sensitive due to the range of guest information potentially stolen. Security analysts say personal data such as names, payment card details, passport numbers, and travel details may have ended up in the hands of the hackers.
The company said information for about 327 million guests included some combination of an email address, phone number, name, mailing address, passport number, date of birth, gender, communication preferences, reservation date, departure and arrival information, as well as Starwood Preferred Guest account information.
Multiple law enforcement agencies in and outside the U.S said they are examining the situation following news of the breach. Stolen personal details tend to find their way into the black market where they are sold to criminals who use them to carry out attacks on individuals, including targeted email phishing schemes and identity theft.
Marriott stock, which has run down more than 9% year over year, lost $6.81, or 5.59% to close the regular session at $115.03 on Friday.
Marriott International Profile
Marriott International, Inc. operates, franchises, and licenses hotel, residential, and timeshare properties worldwide. The company operates through three segments: North American Full-Service, North American Limited-Service, and Asia Pacific. Its properties include W Hotels, The Luxury Collection, St. Regis, and Bulgari.
As of October 9, 2018, it operated approximately 6,700 properties under 30 hotel brands in 130 countries and territories. Marriott International, Inc. was founded in 1927 and is headquartered in Bethesda, Maryland. – Yahoo Finance