Marriott Hotels Discloses Data Breach Affecting 500M Customers

Marriott Hotels Discloses Data Breach Affecting 500M Customers

Posted on November 30, 2018 0 Comments

Today, the world's largest hotel chain, Marriott International, disclosed what may be turn out to be one of the largest data breaches in history.

According to a disclosure from the hospitality giant, a data breach has exposed the personal identifiable information (PII) and financial information of up to 500 million customers who visited any of the chain's Starwood properties between 2014 and Sept. 10, 2018.

"On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database in the United States," wrote Marriott representatives in a statement from Marriott. "Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014."

Transfer Files to Amazon S3 Safely and Securely. Try a free trial of MOVEit  Automation today.

In that database, hackers accessed the information of approximately 500 million guests. For 327 million of those guests, breached data included PII such as name, mailing address, phone number, email address, passport number, date of birth, gender, and more, according to a statement from Marriott. Customer payment card information, which was protected by encryption, was also accessed. At press time, Marriott has not determined whether or not hackers also accessed the encryption keys needed to access that data.

The network intruders encrypted all of the information that they pulled from Marriott's network, likely in an attempt to fool data-loss prevention (DLP) software, and Marriott has not yet been able to decrypt the full set of stolen information.

Marriott did not disclose when in 2014 the data breach began, but Starwood, which was acquired by Marriott in 2015, had a previous breach in November 2015, and the two breaches could be connected.

The previous breach involved the installation of malware of Point-of-Sale machines in Starwood restaurants and gift shops, and did not involve reservations systems.

Jeff Edwards

Jeff Edwards is a tech writer and analyst with three years of experience covering Information Security and IT. Jeff has written on all things cybersecurity, from APTs to zero-days, and previously worked as a reporter covering Boston City Hall.

Comments

Comments are disabled in preview mode.
Topics

Sitefinity Training and Certification Now Available.

Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.

Learn More
Latest Stories
in Your Inbox

Subscribe to get all the news, info and tutorials you need to build better business apps and sites

Loading animation