Monday , May 27 2019
Home / australia / Marriott's Starwood hotels hacked, compromising 500 million guests

Marriott's Starwood hotels hacked, compromising 500 million guests



Updated

December 01, 2018 01:41:34

The personal information of as many as 500 million people staying at Starwood hotels has been compromised as Marriott says it has uncovered unauthorized access to its Starwood network since 2014.

Key points:

  • The hotel chain knew about a breach in September but where unable to work out what data had been stolen
  • As many as 500 million visitors may have had stolen data, but repeat customers may lower that number
  • Email notifications are being sent to those guests affected

The company said on Friday that credit card numbers and expiration dates of some guests may have been taken.

For as many as two-thirds of those affected, data exposed could include mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences.

For some guests, the information was limited to name and sometimes other data such as mailing address, email address or other information.

"We fell short of what our guests deserve and what we expect from ourselves," Marriott International chief executive Arne Sorenson said in a statement.

"We are doing all we can to support our guests, and using lessons learned to be better moving forward."

Email notifications to those who may have been affected will start rolling out on Friday, US time.

While the breach affected "approximately 500 million guests" who made a reservation at a Starwood hotel, some of those records could belong to people who had multiple stays.

When the two companies announced their merger in November 2015, Marriott had 54 million members of its loyalty program and Starwood had 21 million. Many travelers were members in both programs.

Asked for more details on the 500 million number, Marriott spokesman Jeff Flaherty said the company did not finish identifying duplicate information in the database.

Marriott said there was a breach of its database in September, which had guest information related to reservations at Starwood properties on or before September 10.

An internal security tool signaled a potential breach on September 8, but the company was unable to decrypt the information that would define what data had potentially been exposed.

Starwood operates under the names of W Hotels, St Regis, Sheraton Hotels and Resorts, Westin Hotels and Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Meridien Hotels and Resorts, Four Points by Sheraton and Design Hotels. Starwood branded timeshare properties are also included.

Marriott has had a rocky process of merging its computer system with Starwood computers.

Members of both loyalty programs have complained about missing points, glitches with stays crediting to their accounts and problems with free nights earned from credit cards not appearing.

Mr. Sorenson said that Marriott is still trying to phase out Starwood systems.

Marriott has set up a website and call center for anyone who thinks they are at risk.

AP / ABC

Topics:

travel-and-tourism,

lifestyle-and-leisure,

fraud-and-corporate-crime,

law-crime-and-justice

First posted

December 01, 2018 00:02:22


Source link