Starwood Hotels and Marriott confirmed on Friday that a database containing 500 million people’s information had been stolen in a data breach.
The hotel chains, which are now teamed up under the Marriott banner, told the federal government about the breach in a regulatory filing. TechCrunch reports that the unauthorized access of a Starwood guest database was discovered in September.
But the breach went back as far 2014. So what was taken?
Roughly 327 million customer records accessed in the breach contained guest names, addresses, phone numbers, and even passport numbers. Other data includes dates of birth, gender, Starwoods Rewards account information, check-in and check-out dates, and more. Starwood also said some guests’ encrypted credit card information was taken and said it could not rule out whether the hackers could decrypt that information.
“We deeply regret this incident happened. We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests and using lessons learned to be better moving forward,” Marriott CEO Arne Sorenson said in a statement.
This is just the latest hotel and airline brand to lose sensitive data from its customers. It follows big breaches at Cathay Pacific, British Airways, and others. These companies simply need to do better to safeguard information on their guests and customers.
If you stayed at a Starwood or Marriott property any time in the last five or so years, watch your accounts.
Lead photo credit of Marriott Hotels
Editorial Note: Any opinions, analyses, reviews, or recommendations expressed in this article are those of the author’s alone, and have not been reviewed, approved, or otherwise endorsed by any card issuer.