NEW YORK: Marriott International announced on Friday (November 30th) that hackers unlawfully access the Starwood reservation database since 2014, potentially exposing personal information to about 500 million guests.
The company said that for 327 million people, endangered personal information may include a combination of name, postal address, phone number, email address, passport number, date of birth and Starwood Preferred Guest account among other personal information.
For some other information can include credit card numbers and expiration dates, but these numbers are encrypted, the hotel chain said.
There are two components needed to decode payment card numbers, and at this time, Marriott stated that it could not rule out the possibility that both were stolen.
The company said she learned of the breach after the Inner Security Tool sent a warning on September 8th.
The company initiated an investigation and discovered that since 2014 there has been an unauthorized access to the Starwood network.
He said the unauthorized party "copied and encrypted data and took steps to remove it".
On November 19, Marriott managed to decrypt the data and found that the contents were from the Starwood reservation database.
"We deeply regret what happened," said Arne Sorenson, president and chief executive officer of Marriott. "We miss what the guests deserve and what we expect from ourselves."
The Marriott, who bought Starwood in 2016, said he reported the incident to the police and began informing the regulatory authorities.
He added that he would send email to the affected guests, starting on Friday.
"We are still investigating the situation so we do not have a list of specific hotels. What we know is that it only affected the Starwood brand," said spokeswoman Marriott Jeff Flaherty Reuters.
Starwood properties include W Hotels, St. Regis, Sheraton hotels and resorts, as well as Westin hotels and resorts.
Read: Cathay says the "most intense" period of data violation lasted for months
READ: Singapore health system hit by "the most serious personal data breach" in cyberattack; PM Lee's target data
Read: Facebook says a major violation has exposed 50 million accounts until full download
"We support law enforcement efforts and work with leading security specialists to improve," said hospitality div.
"Marriott also dedicates the resources needed to abolish the Starwood system and accelerate lasting security improvements on our network."
When contacting Channel NewsAsia, Marriott International representative refused to comment further.
The hotel group later became the target of hackers, seeking to steal information such as credit card information.
Last year, InterContinental Hotels Group and Hyatt Hotels Corp. were victims of cyberattacks.
Hyatt announced that he uncovered unauthorized access to payment card information at certain locations, affecting 41 properties in 11 countries.