Marriott International Inc. has admitted that a massive data breach has compromised the guest reservation database at its Starwood unit which affected approximately 500 million guests.
The hotel chain said in an internal investigation they found out an unauthorized party had been found accessing, coping, andd encrypting its data from reservation system since 2014.
Once the internal investigation is completed the company would notify all its customers whose records were breached.
The company released a statement stating: “For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.”
Some of the customer’s payment card number and payment card expiration date were also included in the database. Marriott had reported the breach to law enforcement.
“There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken,” the company said in its statement. “For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address or other information.
The company has launched a separate website to readdress the grievances of the affected customers and give them more information about the breach. They are offering customers from US and some other countries a year-long free subscription to a fraud-detecting service.
“We deeply regret that this incident happened,” said Arne Sorenson, Marriott’s president. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests and using lessons learned to be better moving forward.”