Marriott’s Starwood guest reservation system has been hacked, the hotel chain says.
If you stayed at a Marriott Starwood property anytime from 2014 through Sept. 10, 2018, you might be one of the “approximately 500 million” guests whose personal information has been exposed in the hack, according to a statement.
The company says the system was first accessed without authorization sometime in 2014.
Marriott reported the breach to authorities on Nov. 19.
Sign Up and Save
Get six months of free digital access to The Kansas City Star
“The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it,” the press release states. “On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.”
The data included passport numbers, emails and mailing addresses for about 327 million of the customers affected. For some of the approximately 500 million affected, the data exposed also included payment card details.
The Starwood reservation database services a group of hotel chains Marriott purchased in 2016, according to CNN, including St. Regis, Sheraton, Westin and W Hotels.
Marriott did not say whether company representatives had learned who the hackers are. The hotel chain will begin sending emails on a rolling basis starting Nov. 30 to affected guests whose email addresses are in the Starwood guest reservation database.
The company has also created a website designed to answer questions of those who think their personal information was compromised in the hack.
“We deeply regret this incident happened,” said Arne Sorenson, Marriott’s president and chief executive officer. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
Marriott’s stock price took a hit after the news broke, according to Bloomberg, dropping 6 percent in premarket trading Thursday.
Florida law firm Morgan & Morgan filed a class action lawsuit against Marriott Friday on behalf of those who suffered financially as a result of the hack.
“Large, sophisticated companies like Marriott are not blind to the risks posed by cyber-criminals, who are constantly attempting to infiltrate corporations that store sensitive consumer information,” John Yanchunis, a lawyer with Morgan & Morgan, said in an emailed statement. “The fact that a breach that began in 2014 and went undetected for four years is shocking and horrifying. When guests stay at hotels, they trust the hotel will provide adequate security — both physical and the protection of their private information. It appears that the trust 500 million people placed in Marriott/Starwood was violated — for nearly half a decade.”