Towards the end of this week, Marriott International revealed that the information of approximately 500 million guests could have been compromised as part of a Starwood guest reservation database breach. This is potentially among the biggest breaches of consumer data in history.
Alas, representatives from the largest hotel chain in the world report they first received an alert from an internal company security tool, in September, regarding the potential threat. Upon investigation, the company then say they discovered unauthorized access to the database since 2014, noting that an “unauthorized party” had copied and also encrypted private information.
While they estimate the breach affects roughly 500 million guests, Marriott also notes that approximately 327 million of these guests, the stolen data includes important primary information including like name, date of birth, gender, phone number, email address, and mailing address. More importantly, perhaps, the breach could have also threatened their customer information, too; information like Starwood Preferred Guest account information, passport number, arrival and departure data, reservation data, and even communication preferences.
Fortunately, credit card information was not among the most commonly stolen data, though it does appear that a few customers had their credit card information taken. Of course, that information is typically encrypted, by Marriott says they cannot be certain if this information had been decoded.
Following up on the announcement, then, Marriott hotels also say they have taken the necessary steps to address the breach and are also cooperating with authorities. Furthermore, Marriott also revealed they have set up a website for consumers who are concerned that their information may have been included in the breach and that they plan to notify customers, by email, as the investigation progresses. They have also set up a call center for addressing concerns live.
Marriott also says they are giving those guests whose data may have been compromised a free membership to WebWatcher. WebWatcher is a web-based personal data monitoring service. Also, the hotel chain has advised guests to monitor their loyalty accounts for any suspicious activity and conduct other security measures like changing account passwords and checking credit card statements for unusual and unauthorized activity.