Marriott International, Inc. is an American multinational diversified hospitality company that manages and franchises a broad portfolio of hotels and related lodging facilities.
For conveniency, the hotel chain asks guests checking in for a variety of information that include: full names, credit card numbers, physical addresses and sometimes passport numbers. And here, Marriott revealed that hackers had breached its Starwood reservation system, and stole the personal data of up to 500 million guests.
The breach hit guests who have previously made reservations for the Marriott-owned Starwood hotel brands between 2014 and 2018.
They include properties like: Sheraton, Westin, W Hotels, St. Regis, Four Points, Aloft, Le Méridien, Tribute, Design Hotels, Element and the Luxury Collection.
As for Marriott hotels, including Residence Inn and the Ritz-Carlton, they operate on a different reservation system, meaning that data of guests weren't compromised.
The hack actually went unnoticed for about four years by Starwood, which was acquired by Marriott in 2016 for $13.6 billion.
It was only discovered in early September, when a security tool alerted Marriott officials to an unauthorized attempt about an unauthorized access to Starwood’s guest reservation database. This alerted Marriott, which quickly assembled a team to work with third-party security experts.
During the investigation, they found that the hackers had managed to hack Starwood’s systems since 2014.
To inform affected guests, Marriott said that it had set up a dedicated website and a call center to deal with the public relation.
The company also offered a one year of free membership to a service called WebWatcher to people who live in the U.S., Canada and Britain. Marriott described this as a service that keeps an eye on websites where hackers may sell or trade this massive trove of information.
“We deeply regret this incident,” Arne Sorenson, Marriott’s president and chief executive, said in a statement. “We fell short of what our guests deserve and what we expect of ourselves.”
This Marriott hack happened around the same time as the number of other breaches in the U.S. that include health insurers and government agencies.
The hack campaign was considered the largest data theft in history, coming only second to Yahoo!'s 2013 breach that affected billions of its users.
In 2020, Marriott again experienced another hack, affecting 5.2 million of its guests.