Marriott hotel chain reports theft of data from half a billion customers

The American hotel chain Marriott has discovered that criminals have stolen a database of reservations at its subsidiary Starwood. As a result, the data of 500 million customers has been made public, including partly credit card information.

Marriott International reported receiving a notification on Sept. 8 from a security tool that an unauthorized person attempted to break into its database of customer reservations at its subsidiary Starwood. After investigation, criminals appeared to have had access to that database since 2014.

In addition, the hotel chain found that a large encrypted file had recently been passed on. On November 19, after decryption, it turned out to be the Starwood database. Marriott believes that the data of half a billion guests has been stolen.

Of 327 million users, this concerns, among other things, the name, address, e-mail address, telephone number, passport number, date of birth, gender and information about the stay such as arrival and departure. ‘Some’ also have credit card details in the hands of criminals, including the expiration date. According to Marriott, the credit card numbers are encrypted with AES-128. The company does not report how many people have had their credit card details stolen.

The chain has started alerting customers via email and has set up a hero desk and information page for customers with questions.

It is one of the largest data breaches to date. In 2013, Yahoo reported that a data breach affected one billion accounts, but last year it turned out that it involved more than three billion accounts.