On November 30th, Marriott confirmed that a breach in the guest reservation database of Starwood Hotels, a subsidiary of Marriott, exposed data belonging to up to 500 million customers. This leaked information includes guests’ names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, and payment card information, although not all guests were impacted equally by the breach.
On September 8th, an internal security tool flagged unauthorized activity in the guest reservation database of Starwood Hotels. Marriott discovered that hackers had accessed customer information, encrypted it, and attempted to remove it. It took Marriott until late November to decrypt the information. During the investigation, Marriot discovered that hackers have had access to the reservation systems of many of its hotel chains since 2014. Starwood Hotels includes W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Le Méridien Hotels & Resorts, and timeshare properties.
Marriot mentioned that even though the stolen credit card details were encrypted, it could not rule out the possibility that the encryption keys were also taken by hackers. The company said that Marriott Group hotels are not believed to be affected, as Marriot Group’s reservation system is on a different network. Marriott has reported this incident to law enforcement officials.
Marriott is offering free web monitoring services for a year to all affected customers. This tool will monitor internet sites and alert customers if evidence of their personal information is found.
Don't want to make the news for the wrong reasons? Download ManageEngine Log360, the tool that can help combat internal and external security attacks.
Log360, our comprehensive SIEM solution, can help your organization:
Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.
© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.