500 Million People Affected by Marriott’s Security Breach
Last week the international hotel chain Marriott announced a security breach that affected 500 million of its hotel guests. Forensic experts say that in the breach, attackers were able to obtain personal details of guests who made reservations at Starwood locations over the past four years.
Who Was Affected by the Attack?
Marriott acquired the Starwood hotel chain in 2016. The following brands were affected:
- W Hotels
- Sheraton Hotels & Resorts
- Westin Hotels & Resorts
- Element Hotels
- Aloft Hotels
- The Luxury Collection
- Tribute Portfolio
- Le Méridien Hotels & Resorts
- Four Points by Sheraton and Design Hotels
When Did the Hack Happen?
The breach happened in 2014. However, Marriott claims that it didn’t become aware of it until September 10, 2018, when its staff spotted an alert from an internal security tool about an attempt to access the Starwood guest reservation database in the United States.
The company worked with investigators on the alert, and that is when they found that the intrusion dates back to 2014. They have now taken steps toward removing it. On November 19, 2018, forensic experts managed to decrypt the data that the attackers stole from the Starwood guest reservation database earlier this month.
What Information Was Stolen?
The investigators say that hackers stole the following information from a majority of these guests:
- Mailing address
- Phone number
- Email address
- Passport number
- Starwood Preferred Guest (“SPG”) account information
- Date of birth
- Arrival and departure information
- Reservation date
- Communication preferences
For some of these guests, attackers also stole payment card information, though Marriott did not say the total number.
Was My Information Stolen?
If you made a reservation at any Marriott/Starwood hotel from 2014 to September 2018, you may have been affected. Marriott has started notifying affected guests via email.
Marriott is providing guests the opportunity to enroll in WebWatcher free of charge for one year. WebWatcher monitors internet sites where personal information is shared and generates an alert to the consumer if evidence of the consumer’s personal information is found. Marriott has posted details of the breach and WebWatcher here. (This is confirmed on the FCC website.)
Arne Sorenson, Marriott’s President and Chief Executive Officer, stated that Marriott is deeply regretful and is working hard to ensure all guests have answers to questions and are safe going forward. This security breach is the third one for Marriott’s Starwood chain after the infections with Point-of-Sale malware disclosed in 2015 and again in 2016.
Who Stole This Data and Why
According to NBC News, the hack “shows signs of being the work of a hostile foreign intelligence service,” one that may fit the pattern of a China state-sponsored cyberattack. Reuters reported that “investigators looking into the breach have found hacking tools, techniques and procedures previously used in attacks attributed to Chinese hackers.” They also cautioned that other entities may have access to the same tools.
For cyberthieves, there is a shelf life to the value of customers’ financial information, as credit card numbers are changed or canceled. On the other hand, information about where and when people have traveled may have longer-lasting intelligence purposes.