Marriott says 500 million Starwood accounts compromised

Marriott says its guest reservation system has been hacked, potentially exposing the personal information of approximately 500 million guests.

Posted: Nov 30, 2018 9:17 AM
Updated: Nov 30, 2018 11:18 AM


Marriott says its guest reservation system has been hacked, potentially exposing the personal information of approximately 500 million guests.

The hotel chain said Friday the hack affects its Starwood reservation database, a group of hotels it bought in 2016 that includes the St. Regis, Westin, Sheraton and W Hotels.

Marriott said hackers had gained "unauthorized access" to the Starwood reservation system since 2014, but the company only identified the issue last week.

"The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it," Marriott said in a statement.

For 327 million people, Marriott says the guests' exposed information includes their names, phone numbers, email addresses, passport numbers, date of birth and arrival and departure information. For millions others, their credit card numbers and card expiration dates were potentially compromised.

Marriott warns that it can't confirm if the hackers were able to decrypt the credit card numbers.

"We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward," said CEO Arne Sorenson.

The hotel chain said it has reported the hack to law enforcement.

Marriott said it will begin emailing guests affected by the breach and has created an informational website. There's also a call center that's been set up.

The company said it's giving guests a free membership to WebWatcher, a personal information monitoring service. It's also telling guests to monitor their loyalty accounts for suspicious activity, change their account passwords and check credit card statements for unauthorized activity.

Today's revelation marks one of the biggest corporate data beaches in history. It's second behind one involving Yahoo, which said in 2017 that 3 billion accounts encompassing several of its brands were compromised. AdultFriendFinder revealed in 2016 that 412 million accounts were hacked.

Because the hack involves customers in the European Union and the United Kingdom, the company might be in violation of the recently enacted General Data Protection Regulation.

Mark Thompson, the global lead for consulting company KPMG's Privacy Advisory Practice, told CNN Business that hefty GDPR penalties will "likely" be slapped on the company.

"The size and scale of this thing is huge," he said, adding that it's going to take several months for regulators to investigate the breach, but that he expects class action lawsuits to quickly materialize.

In the United States, the New York Attorney General's office said it has opened an investigation into the data breach. The office told CNN Business that the company hasn't yet notified the AG about the data breach, which is required under state law.

The attorneys general of Maryland and Pennsylvania have also said that they are investigating.

Marriott's (MAR) stock is plunging on the news, falling more than 5% in early trading. The combined company has 6,700 properties in more than 129 countries.

Huntsville
Few Clouds
78° wxIcon
Hi: 89° Lo: 66°
Feels Like: 80°
Florence
Clear
73° wxIcon
Hi: 88° Lo: 69°
Feels Like: 73°
Fayetteville
Clear
73° wxIcon
Hi: 88° Lo: 65°
Feels Like: 73°
Decatur
Scattered Clouds
74° wxIcon
Hi: 87° Lo: 66°
Feels Like: 74°
Scottsboro
Few Clouds
73° wxIcon
Hi: 90° Lo: 68°
Feels Like: 73°
WAAY Radar
WAAY WAAY-TV Cam
WAAY Temperatures

Alabama Coronavirus Cases

Confirmed Cases: 54768

Reported Deaths: 1096
CountyConfirmedDeaths
Jefferson6746170
Mobile4904140
Montgomery4547112
Tuscaloosa269053
Madison22689
Marshall198011
Shelby169125
Lee159637
Morgan13385
Baldwin127711
Walker107532
Elmore106721
Etowah101114
Dallas10029
DeKalb9677
Franklin93816
Autauga69815
Russell6860
Unassigned67928
Chambers67730
Butler65229
Limestone6393
Tallapoosa63069
Cullman6156
Houston6077
Lauderdale5776
St. Clair5443
Calhoun5155
Colbert5096
Escambia4888
Lowndes48422
Pike4795
Jackson4352
Coffee4284
Covington41612
Talladega4017
Barbour3992
Dale3951
Bullock37810
Hale35423
Marengo35411
Chilton3312
Blount3201
Clarke3176
Wilcox3038
Winston2995
Sumter29213
Marion29014
Pickens2746
Randolph2639
Monroe2603
Perry2502
Conecuh2318
Bibb2241
Macon2199
Choctaw21712
Greene1989
Henry1553
Washington1488
Lawrence1360
Crenshaw1323
Cherokee1247
Geneva980
Lamar891
Clay852
Fayette851
Coosa661
Cleburne451
Out of AL00

Tennessee Coronavirus Cases

Confirmed Cases: 61960

Reported Deaths: 741
CountyConfirmedDeaths
Shelby13594224
Davidson13309143
Rutherford360239
Hamilton336438
Sumner194556
Williamson176316
Knox16209
Trousdale15105
Out of TN141610
Wilson118717
Putnam10197
Bradley9724
Robertson94813
Sevier9123
Unassigned8902
Montgomery7787
Tipton6987
Lake6960
Bledsoe6291
Bedford6249
Macon6037
Hamblen4744
Maury4623
Hardeman4184
Fayette3705
Madison3632
Rhea3430
Blount3393
Loudon3282
Dyer2923
McMinn28419
Cheatham2753
Dickson2750
Washington2620
Lawrence2396
Cumberland2214
Sullivan2214
Anderson2002
Jefferson1871
Lauderdale1824
Gibson1811
Smith1602
Monroe1556
Greene1512
Coffee1430
Cocke1380
Hardin1287
Warren1270
Obion1243
Haywood1213
Marshall1182
Franklin1163
Wayne1160
McNairy1071
Carter1052
Giles1051
Hickman1050
Marion954
Hawkins912
Lincoln870
White863
DeKalb850
Roane850
Henderson740
Weakley741
Overton731
Campbell701
Chester690
Claiborne680
Grundy652
Unicoi580
Grainger560
Polk550
Crockett543
Henry530
Carroll521
Cannon500
Sequatchie490
Humphreys472
Jackson470
Johnson460
Meigs380
Perry380
Morgan321
Decatur290
Scott280
Fentress270
Stewart260
Union240
Moore210
Clay200
Houston200
Benton151
Hancock120
Lewis110
Van Buren90
Pickett70

 

 

Community Events