Marriott said Friday that hackers have had access to the reservation systems of many of its hotel chains for the past four years, a breach that exposed private details of up to 500 million customers while underscoring the sensitive nature of records showing where and when people travel — and with whom.
The breach of the reservation system for Marriott’s Starwood subsidiaries was one of the largest in history, after two record-setting Yahoo hacks, and was particularly troubling for the nature of the data that apparently was stolen, security experts said. That includes familiar information — such as names, addresses, credit card numbers and phone numbers — and also rarer prizes for hackers, such as passport numbers, travel locations and arrival and departure dates.
The potential value of such information on such a large percentage of the world’s travelers triggered speculation that Marriott may have been the target of nation-state hackers seeking to track the movements of diplomats, spies, military officials and business executives. Yet even if the hackers were mere criminals in search of profit, such data offered the raw material for a range of possible misdeeds, including identity theft.
“This is extraordinarily intimate data,” said Edward Hasbrouck, a San Francisco-based travel writer and consumer advocate who has long warned about the sensitivity and poor security of computerized travel records. “The travel industry has been grossly negligent compared to many industries when it comes to data privacy and security.”
An unauthorized party accessed the reservation database of Starwood properties — which includes hotel chains St. Regis, Westin, Sheraton, Aloft, Le Meridien, Four Points and W Hotels — from 2014 onward, according to a Marriott news release. Marriott acquired Starwood in 2016 and kept the reservation databases separate from its own until recently. The reservation system of Marriott hotels themselves was not affected by the breach reported Friday.
“We deeply regret this incident happened,” Arne M. Sorenson, Marriott’s chief executive, said in the news release. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
Marriott International is based in Bethesda, Md., and has more than 6,700 properties around the world. The company’s shares were down nearly 6 percent Friday.
An internal security tool flagged the unauthorized party’s activity on September 8. Marriott then discovered that the hackers had accessed the information, encrypted it and attempted to remove it. It took Marriott until late November to decrypt the information.
Read the full article by Taylor Telford and Craig Timberg at The Washington Post