500 Million Guest Records Stolen In Massive Starwood Data Breach – Marriott

0
1261
marriott hotel
The world is witnessing data breach each day. But this time it is huge. The world’s biggest hotel chain Marriott International says that hackers compromised guest reservation database of its subsidiary Starwood hotels and steeled 500 million guests records.

In 2016, Starwood Hotels and Resorts Worldwide was acquired by Marriott International for $13 billion.On September 8, Marriott discovered the breach this year after it received an alert from an internal security tool “regarding an attempt to access the Starwood guest reservation database in the United States.”

On November 19, the company said that it obtained and decrypted the database and “determined that the contents were from the Starwood guest reservation database.”

Hackers have stolen some sensitive personal information of nearly 327 million guests. The data includes their names, phone numbers, email addresses, mailing addresses, dates of birth, passport numbers, genders, reservation date, arrival and departure information and communication preferences.The most worrying thing is they have also stolen some user’s payment card numbers and payment card expiration dates.

But, according to the company, “the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128).” Attackers must need two components to decrypt the payment card numbers, and “at this point, Marriott has not been able to rule out the possibility that both were taken.”

In the official statement, Marriott said, “The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property”.
The company has begun informing their customers about the data breach — including in the U.S., Canada, and the U.K.

The company has begun notifying law enforcement and regulatory authorities of the incident and continues to support their investigation.Since the data breach falls under the European Union’s General Data Protection Regulation (GDPR) rules, Marriott could face significant financial penalties of four percent of its global annual revenue.

LEAVE A REPLY

Please enter your comment!
Please enter your name here