Marriott says guest reservation database was breached, impacting up to 500 million hotel guests

Posted at 4:00 AM, Nov 30, 2018
and last updated 2018-11-30 20:51:49-05

Marriott International says a guest reservation database has been breached and may have exposed information of approximately 500 million guests.

The company says it is investigating and addressing the incident that involves the Starwood guest reservation database. They received an alert on Sept. 8 from an internal security tool regarding an attempt to access the Starwood guest reservation database. Marriott quickly called on security experts to help figure out what happened.

Security experts learned there had been unauthorized access to the Starwood network since 2014. On Nov. 19, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.

For approximately 327 million guests affected by the breach, the information accessed includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.

Marriott says they have established a dedicated call center (USA: 877-273-9481) to answer questions guests may have about the breach. The call center is open seven days a week and available in multiple languages. 

Marriott has posted information about the breach here

For guest support, click here.



The company posted the following statement about the breach: 

Marriott deeply regrets this incident happened. From the start, we moved quickly to contain the incident and conduct a thorough investigation with the assistance of leading security experts. Marriott is working hard to ensure our guests have answers to questions about their personal information with a dedicated website and call center. We are supporting the efforts of law enforcement and working with leading security experts to improve. Marriott is also devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.

Stephen Cobb, a senior security researcher at San Diego cyber security firm ESET, said this data breach is different because of the type of information obtained, including hotel history and passport numbers. He said that data can be combined with previously stolen data, such as a social security number, to create a more complete profile. It can also make people more susceptible to being scammed.

"In order for a person to scam you, it helps if they know things about you,” Cobb said. "And it makes the scammers approach to you more convincing if they happen to know your family member names, if they happen to know you stayed at a hotel. This information is now being used in phone scams, email scams and so on.”"

Cobb said to protect yourself, it’s important to change passwords, check accounts for suspicious activities, and consider a credit freeze.