Marriott hotels have announced a major security breach that includes their Starwood reservation database that affects 500 million visitors in 2014.
The Marriott says about 327 million of these guests, including names, addresses, phone numbers, e-mail, passport numbers and credit card information.
"For some, the data also includes payment card numbers and expiration dates, but payment card numbers are encrypted using Advanced Encryption Standard encryption (AES-128). There are two components required to decode payment card numbers, and at this time, the Marriott could not shut down the possibility of both being taken over. "
– Cancellation from release.
Marriott says it's just a Starwood hotel in St. John's Sheraton.
The Marriott argues that the investigation found that access to the database with contained information on guests related to Starwood's reservation on or before September 10, 2018 was unauthorized.
The company today announced that they received a warning on September 8, 2018 that an attempt was made to access Starwood's database for guest reservation in the US. Marriott says during the investigation he learned that since 2014 there has been an unauthorized access to Starwood's network. The unauthorized party copied and encrypted the information, and on November 19th, Marriott managed to decrypt the information and found their reservation for the Starwood database.
Starwood includes Sheraton hotels and resorts, hotels and resorts in Westin, as well as hotels under the names of W Hotels, St. Regis, Element Hotels, Aloft Hotels, Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. Starwood properties are also included.
Read the full Marriott release for this link. FAQ is available on this link.