Hotel giant Marriott has revealed details of a major data breach that may have left the details of more than half a billion users exposed.
The company said that “approximately” 500 million guests who had made a reservation at one of its Starwood properties could be affected, with around 327 million of these seeing personal details compromised.
Information such as names, addresses, phone numbers, passport numbers and dates of birth were confirmed to be among the details taken.
However Marriott was unable to say whether payment card numbers and expiration dates were also compromised, noting that these details were encrypted, and would require multiple components to decrypt.
The breach affects customer that made a reservation at a Starwood property (which includes the W Hotel, St. Regis, Sheraton, Westin, Aloft and Le Meridien brands) on or before September 10 2018, but affects bookings going all the way back to 2014.
Marriott began investigating the incident after receiving a security alert two days earlier, and on November 19 was able to confirm that details from its database had be stolen.
In a statement, Marriott President and CEO Arne Sorenson said that the company “deeply regret this incident happened.”
“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
“Today, Marriott is reaffirming our commitment to our guests around the world,” he added. “We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call center. We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”
Marriott has set up a dedicated website and call centre to provide advice to customers worried they may have been affected. The company says it will begin sending out emails to affected guests from today.