Marriott today revealed a massive breach of personal information — possibly including payment card data — for up to 500 million guests who made reservations at hotels in the Starwood chain, which Marriott acquired in 2016. Marriott said that it discovered on Sept. 8, 2018, that the Starwood reservation database had been breached by hackers since 2014. For 327 million guests, the compromised information included names, addresses, phone numbers, email addresses, passport numbers, hotel loyalty numbers and dates of birth.
Marriott said for some of these guests, encrypted payment card data was accessed as well. “There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken,” the company said. Marriott said that it is notifying affected guests starting today.
Starwood brands affected by the breach include Aloft, Element, Design Hotels, Four Points, Le Meridien, Luxury Collection, St. Regis, Sheraton, Tribute Portfolio, W Hotels, Westin and Starwood-branded timeshares. As of 2014, there were more than 1,200 Starwood hotel properties, which would make this one of the largest hotel company data breaches in recent years. View FAQs and information from Marriott.