[ Dec 01, 2018 ]
The world’s biggest hotel chain Marriott International today disclosed that unknown hackers compromised guest reservation database its subsidiary Starwood hotels and walked away with personal details of about 500 million guests.
The incident is believed to be one of the largest data breaches in history, behind 2016 Yahoo hacking in which nearly 3 billion user accounts were stolen.
The breach of Starwood properties has been happening since 2014 after an “unauthorized party” managed to gain unauthorized access to the Starwood’s guest reservation database, and had copied and encrypted the information.
Marriott discovered the breach on September 8 this year after it received an alert from an internal security tool “regarding an attempt to access the Starwood guest reservation database in the United States.”
The stolen hotel database contains sensitive personal information of nearly 327 million guests, including their names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, genders, arrival and departure information, reservation date, and communication preferences.
Marriott confirmed that its investigation into the incident only identified unauthorized access to the separate Starwood network and not the Marriott network. It has also begun informing potentially impacted customers of the security incident.
The hotel company has begun notifying regulatory authorities and also informed law enforcement of the incident and continues to support their investigation.
Since the data breach falls under European Union’s General Data Protection Regulation (GDPR) rules, Marriott could face a maximum fine of 17 million pounds or 4 percent of its annual global revenue, whichever is higher, if found breaking any of these rules.