Today, the Marriott International hotel chain stated that its Starwood reservation system had been hacked, compromising the personal data of around 500,000,000 guests who had stayed at the company’s hotels since 2014.
According to the company, which manages over 6,500 properties worldwide, only its Starwood subsidiary reservation system was hacked. However, that still means data was taken from up to around 1,200 properties from many hotels popular among those who attend comics conventions around the globe. For example, just at San Diego Comic-Con this year, Starwood properties included:
- Four Points by Sheraton
- The US Grant San Diego
- Westin San Diego
- Sheraton San Diego Hotel and Marina
- Sheraton San Diego-Mission Valley
According to a statement issued by Marriott, the company was first alerted to the data breech on September 8th, 2018, and determined that data from Starwood Reservations System servers had been stolen on November 19th, 2018. However, according to the company, there has been “unauthorized access to the Starwood network since 2014.” In essence, anyone who stayed at one of their hotels in the last four years, up until September 10th, 2018, has possibly had their data stolen.
What data, you ask? 327,000,000 have apparently lost “some combination of”:
- Mailing address
- Phone number
- Email address
- Passport number
- Starwood Preferred Guest (“SPG”) account information
- Date of birth
- Arrival and departure information
- Reservation date
- Communication preferences
The company has also stated that some people may have had their credit card information stolen as well. They stated that that data was protected by Advanced Encryption Standard encryption, which means the hackers would need two components to access the payment data. However, “Marriott has not been able to rule out the possibility that both were taken.”
Make no mistake, if you stayed at a Starwood property in recent years, there is a strong chance that some of your most sensitive data may have been compromised. Marriott said that they would be sending emails out on a rolling basis starting from today to any guests whose data had been stolen. They’ve also set up a website and call center to address your concerns directly.