<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1678611822423757&amp;ev=PageView&amp;noscript=1">

Marriott Hotels Discloses Data Breach Affecting 500M Customers

Jeff Edwards| November 30 2018

| security, News, Hacks, data breaches


Today, the world's largest hotel chain, Marriott International, disclosed what may be turn out to be one of the largest data breaches in history.

According to a disclosure from the hospitality giant, a data breach has exposed the personal identifiable information (PII) and financial information of up to 500 million customers who visited any of the chain's Starwood properties between 2014 and Sept. 10, 2018.

"On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database in the United States," wrote Marriott representatives in a statement from Marriott. "Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014."

Transfer Files to Amazon S3 Safely and Securely. Try a free trial of MOVEit  Automation today.

In that database, hackers accessed the information of approximately 500 million guests. For 327 million of those guests, breached data included PII such as name, mailing address, phone number, email address, passport number, date of birth, gender, and more, according to a statement from Marriott. Customer payment card information, which was protected by encryption, was also accessed. At press time, Marriott has not determined whether or not hackers also accessed the encryption keys needed to access that data.

The network intruders encrypted all of the information that they pulled from Marriott's network, likely in an attempt to fool data-loss prevention (DLP) software, and Marriott has not yet been able to decrypt the full set of stolen information.

Marriott did not disclose when in 2014 the data breach began, but Starwood, which was acquired by Marriott in 2015, had a previous breach in November 2015, and the two breaches could be connected.

The previous breach involved the installation of malware of Point-of-Sale machines in Starwood restaurants and gift shops, and did not involve reservations systems.

Topics: security, News, Hacks, data breaches

Leave a Reply

Your email address will not be published. Required fields are marked *


Jeff Edwards is a tech writer and analyst with three years of experience covering Information Security and IT. Jeff has written on all things cybersecurity, from APTs to zero-days, and previously worked as a reporter covering Boston City Hall.

Free Trials

Getting started has never been easier. Download a trial today.

Download Free Trials

Contact Us

Let us know how we can help you. Focus on what matters. 

Send us a note

Subscribe to our Blog

Let’s stay in touch! Register to receive our blog updates.