Millions of passport and credit card details exposed in Marriott hack
As many as 500 million people who’ve stayed at Marriott hotels may have had their data exposed during breaches that began in 2014. The company said reservations at its Starwood properties – which include the Park Lane Sheraton Grand, Westbury Mayfair and Le Meridien Piccadilly – had been affected by the incident.
Work is continuing but the firm said the breached database included passport numbers, dates of births, names, addresses and phone numbers. Payment card numbers and expiration dates were also stored for some.
The breach was spotted in the Starwood guest reservation database in the US on September 8 and the company discovered that an unauthorised party had copied and encrypted information, and took steps towards removing it. Security experts determined there “had been unauthorised access to the Starwood network since 2014,” the company wrote in a statement.
“We deeply regret this incident happened,” said Marriott president and chief executive Arne Sorenson. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
Payment card details were stored using a method of encryption that requires two components to recover the original numbers. Marriott said it is not able to rule out the possibility that bother parts were taken.