Marriott hacked, private data of over 500 million guests stolen

The information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.

HIGHLIGHTS

  • Marriott Hotels on Friday announced a massive data breach.
  • Its systems have been hacked and private data of over 500 million guests has been stolen.
private data of over 500 million guests stolen

So big is the breach that Marriott said that data of almost everyone who has ever stayed at its hotels has been probably stolen or leaked.

"Marriott has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property. For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates," the company said in a statement.

The hotel chain said that the breach took place on or before September 10, 2018.

The company said it learned about the breach after an internal security tool sent an alert on Sept. 8. On further investigation, the hotel chain learned data had been hacked long before.

The company, which bought Starwood in 2016, said it had reported the incident to law enforcement and had begun notifying regulatory authorities.

Marriott said it would send emails to affected guests, starting Friday.

"We are still investigating the situation so we don't have a list of specific hotels. What we do know is that it only impacted Starwood brands," Marriott spokesman Jeff Flaherty told Reuters.

Marriott said that "reported this incident to law enforcement and continues to support their investigation. We have already begun notifying regulatory authorities."

The company has also set up a website where it is informing guests about the breach.

Except for the headline, this article has not been edited by MyDigitalProtection and original article is available at www.indiatoday.in