News World ‘This is huge’: Massive data breach at Marriott hotel chain affects 500 million guests
Updated:

‘This is huge’: Massive data breach at Marriott hotel chain affects 500 million guests

marriott-hack
Marriott said it was alerted on September 8 that there had been an attempt to hack their reservation database. Photo: Getty
Share
Twitter Facebook Reddit Pinterest Email

A major investigation is underway in the US after the Marriott hotel chain revealed a massive data breach affecting the personal details of up to 500 million guests who made reservations at its Starwood properties.

According to a statement released on Saturday (Friday local time), the US company said they had discovered unauthorised access to the reservation database.

“We fell short of what our guests deserve and what we expect of ourselves,” chief executive Arne Sorenson said.

“We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

The hack, among the largest ever disclosed, prompted a big drop in Marriott shares and the New York Attorney General to open its own investigation.

Attorney General Barbara Underwood said residents need to know that their personal information is safe.

The discovery came as part of an investigation earlier this month, which had been looking at a cyber attack dating back to 2014.

The company believes the breach affected “up to approximately 500 million guests who made a reservation at a Starwood property”.

For around 327 million of those people, the duplicated information includes some combination of name, address, phone number, email, passport number, and other personal details, as well as details of their stay, the statement said.

Credit card numbers and expiration dates of some guests may have been taken.

Marriott first became suspicious of a possible hack in September after receiving an alert from an internal security tool.

The investigation found the thieves copied and encrypted information, and took steps towards removing it.

Last week the company was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.

In addition to Westin, Sheraton and St Regis, the Starwood chain of hotels includes Le Meridien and W Hotels.

Guests of the hotel chain took to Twitter to express their outrage and concern, describing the breach as “huge” while others suggested changing your date of birth to make it difficult for hackers, “Congrats on your new birthday”.

One angry user said: “I’m just going to post my info out on 4chan and get it over with”.

Lawyers have already seized on the data breach, announcing lawsuits have been lodged against Marriott.

Marriott purchased Starwood in 2016 and apparently the security vulnerability came along with the purchase. The Starwood IT system is to be discontinued.

Marriott latest to fall victim to hackers

Marriott, one of the world’s largest hotel chains, is the latest corporation to fall victim to a hacker attack.

Internet service provider Yahoo was attacked in 2013 by unknown hackers who gained access to 3 billion user accounts, including names, email addresses, telephone numbers and passwords.

A hack into eBay’s system, details of which became public in May 2014, compromised the data of about 145 million customers, including email and residential addresses, as well as log-in information.

-with AAP