Marriott has taken measures to investigate and address a data security incident involving the Starwood guest reservation database. The investigation determined that there was unauthorised access to the database, which contained guest information relating to reservations at Starwood properties on or before September 10.
The customer information of 500 million guests of Marriott Hotels was hacked and the attackers were able to breach a Starwood Hotels reservation database since 2014.
For approximately 327 million of these guests, the information includes a combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For others, the information also includes payment card numbers and payment card expiration dates.
Ryan Wilk, vp of customer success for NuData Security, a MasterCard company says: “The hospitality sector has been hit hard this year with breaches at such hotels as the Prince, Radisson, and InterContinental to name a few. Unfortunately, this breach was going on since 2014 which means that cyber hackers secured a treasure trove of personal information. This news needs to remind merchants and other companies transacting online that their systems are never entirely safe from breaches; these can happen at any time, and companies need to have their post-breach process ready.
“This plan includes the implementation of a stronger verification framework so that they can still correctly authenticate their good users despite potentially stolen credentials. This sort of data exposure is why so many organisations – from the hospitality sector through to eCommerce companies, financial institutions and major retailers – are layering in advanced security solutions, such as passive biometrics and behavioural analytics that identify customers by their online behaviour, thus mitigating post-breach damage as hackers are not able to impersonate individual behaviour,” said Wilk.
“We deeply regret that this incident happened. We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward,” said Arne Sorenson, Marriott’s president and ceo.
