A hacking attack on the Marriott hotel chain affected around half a billion customers, the firm said on Friday, after confirming a massive breach in the Starwood reservation database.
In some cases, hackers may have obtained guest’s credit card numbers and the cards’ expiration dates. Although the credit card data would be encrypted, Marriott said they could not rule out that the hackers might prove able to decode it.
“We deeply regret this incident happened,” said Marriott’s CEO Arne Sorenson. “We fell short of what our guests deserve and what we expect of ourselves.”
The attackers also gained access to data fragments including names, addresses, email accounts, passport and phone numbers and for around 327 million people.
Hackers ‘copied and encrypted information’
The company was first alerted of an attempt to hack their US database in September. The management launched a probe and discovered “that an unauthorized party had copied and encrypted information, and took steps towards removing it.”
Marriott and Starwood merged two years ago. Starwood operates hotels under the names: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Meridien Hotels & Resorts, Four Points by Sheraton and Design Hotels.
Marriott International is the biggest hotel chain in the world.
The company said it had set up a website and a call center for its customers and would begin sending emails to affected guests on Friday. The firm also said they had found traces of unauthorized access to Starwood’s network going back to 2014.
Place in history
The Marriott hacking is among the biggest ever reported, but remains overshadowed by the 2013 hacking of Yahoo, when the attackers gained access to data on all of Yahoo’s 3 billion customers.
dj/msh (AP, AFP, dpa)