500 Million Marriott Customers Have Had Their Data Hacked
Affected hotels include W, Sheraton and Westin.
Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken.
Related: Is My Data Really Safe? Your Questions About Cloud-Based Storage, Answered.
Marriott said the unauthorized access has been going on since 2014, and that the breach affects customers who made bookings on or before September 10, 2018.
Marriott said that this credit card information was encrypted, but that it is possible that the hackers also took the information necessary to decrypt them.
For around 367 million of those affected, Marriott said, the information taken includes some combination of their name, mailing address, phone number, email address, passport number, date of birth, gender and other information around their Starwood account.
The company determined on November 19 that there had been unauthorized access to the Starwood database, which contained information from guests who stayed in Starwood properties on or before September 10 of this year.
Starwood brands include:
- W Hotels
- St. Regis
- Sheraton Hotels & Resorts
- Westin Hotels & Resorts
- Element Hotels
- Aloft Hotels
- The Luxury Collection
- Tribute Portfolio
- Le Méridien Hotels & Resort
- Four Points by Sheraton
- Design Hotels
Marriott bought Starwood hotels in 2016. Starwood is now a subsidiary of Marriott, and it does not appear that Marriott-branded hotels or other hotels owned by Marriott were affected by the breach.
This chart shows how Marriott splits up its hotels:
"Marriott reported this incident to law enforcement and continues to support their investigation. The company has already begun notifying regulatory authorities," the company said.
Arne Sorenson, Marriott's President and Chief Executive Officer, said: "We deeply regret this incident happened.
"We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward."
Marriott could not be reached for comment when contacted by Business Insider.