Marriott has announced that the Starwood Guest Reservation Database has been hacked and personal data details of some 500 million guest information may have been breached. Marriott International conducted an investigation and determined that there was unauthorised access to the database, which contained guest information relating to reservations at Starwood properties on or before 10 September 2018. Starwood brands include: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. Starwood branded timeshare properties are also included.
Unauthorised access to the Starwood network has occured since 2014. An unauthorised party had copied and encrypted information and Marriott took steps towards removing it. On 19 November 2018, Marriott was able to decrypt the information and determined that the contents were from Starwood guest reservation database.
Approximately 327 million of these guests’ details including their name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences have become vulnerable to hackers. For some, the data include payment card numbers and expiration dates. Payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128). Two components are needed to decrypt the payment card numbers. For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address or other information.
This incident has been reported to law enforcement as well as regulatory authorities.
You can monitor and protect your information by visited a dedicated website info.starwoodhotels.com and call centre. Marriott will begin sending emails on a rolling basis from 30 November 2018 to affected guests whose email addresses are in the Starwood guest reservation database. If you reside in the United States, Canada or the United Kingdom, Marriott is providing guests the opportunity to enrol in WebWatcher for free for one year. WebWatcher monitors internet sites where personal information is shared and generates an alert to you if evidence of your personal information is found.