The content is accurate at the time of publication and is subject to change.
If you have stayed at a Starwood hotel you might want to keep an eye on your credit report because Marriot has announced that the Starwood guest reservation system was breached. Reportedly, this hack may have compromised the personal information of just about 500 million guests.
Of the 500 million guests whose data is believed to have been compromised about 327 million may have had some or all of their personal information acquired by cyber thieves. Marriot believes that hackers may have stolen a wide range of guest information, including their name, mailing address, phone number, email address, gender, reservation date, Starwood Preferred Guest ("SPG") account information, date of birth, arrival/departure information, and communication preferences. Some people may have also had their passport number and information compromised as well.
What about credit card information? Some people's payment card information may have been compromised. Right now Marriot cannot confirm whether or not customer's credit and debit card information was decrypted by hackers.
While the Starwood guest reservation system was the target of the breach, the database contains information from a variety of hotels that are part of the companies brand, including: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels.
The data breach dates back to 2014, but Marriot was alerted to the potential hack on September 8th, 2018 by a security tool they were using to monitor their systems. Then on November 19th, they were able to determine that the Starwood guest reservation database had been accessed by cyber thieves, and that during the data breach hackers copied guest information.
Marriot has taken steps to shut the breach down and began working with law enforcement. They have also started reaching out to regulatory authorities. "We deeply regret this incident happened," said Arne Sorenson, Marriott's President, and Chief Executive Officer. "We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward."
Help for guests
Marriott has set up a website and Call Center to answer guest's questions and concerns about the breach. They have also begun sending out emails to people who they believe were affected by the breach.
Customers who have been affected can also get one year of WebWatcher for free. This service monitors internet sites that specialize in selling personal information. If the individual's information shows up on one of these sites they will receive an alert.
People in the United States who activate WebWatcher are also eligible for fraud consultation services and reimbursement coverage.