Marriott discloses massive data breach affecting up to 500 million guests

 December 1, 2018

Riviera Marriott Hotel La Porte de Monaco



Marriott said Friday that hackers have had access to the reservation systems of many of its hotel chains for the past four years, a breach that exposed private details of up to 500 million customers while underscoring the sensitive nature of records showing where and when people travel — and with whom.

The breach of the reservation system for Marriott’s Starwood subsidiaries was one of the largest in history, after two record-setting Yahoo hacks, and was particularly troubling for the nature of the data that apparently was stolen, security experts said. That includes familiar information — such as names, addresses, credit card numbers and phone numbers — and also rarer prizes for hackers, such as passport numbers, travel locations and arrival and departure dates.

The potential value of such information on such a large percentage of the world’s travelers triggered speculation that Marriott may have been the target of nation-state hackers seeking to track the movements of diplomats, spies, military officials and business executives. Yet even if the hackers were mere criminals in search of profit, such data offered the raw material for a range of possible misdeeds, including identity theft.

“This is extraordinarily intimate data,” said Edward Hasbrouck, a San Francisco-based travel writer and consumer advocate who has long warned about the sensitivity and poor security of computerized travel records. “The travel industry has been grossly negligent compared to many industries when it comes to data privacy and security.”

An unauthorized party accessed the reservation database of Starwood properties — which includes hotel chains St. Regis, Westin, Sheraton, Aloft, Le Meridien, Four Points and W Hotels — from 2014 onward, according to a Marriott news release. It acquired Starwood in 2016 and kept the reservation databases separate from its own until recently. The reservation system of Marriott hotels themselves were not affected by the breach reported Friday.

“We deeply regret this incident happened,” Arne M. Sorenson, Marriott’s chief executive, said in the news release. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

Marriott International is based in Bethesda, Md., and has more than 6,700 properties around the world. The company’s shares were down nearly 6 percent Friday.

An internal security tool flagged the unauthorized party’s activity on September 8. Marriott then discovered that the hackers had accessed the information, encrypted it and attempted to remove it. It took Marriott until late November to decrypt the information.

Read the full article by Taylor Telford and Craig Timberg at The Washington Post

Recommended article: Security, and how Monaco is leading the way
In todays world, security is fast becoming non-negotiable for the UHNWI (ultra-high-net individual) meaning, what once was a luxury, is now a necessity. Security can cover a wide spectrum in today’s environment, from the traditional services to solutions utilising the latest and most sophisticated technology.



Tags: , , , ,

Subscribe to our weekly Monaco newsletter

* indicates required

Monaco Wealth Management will use the information you provide on this form to be in touch with you and to provide updates and marketing. Please let us know all the ways you would like to hear from us:

You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at We will treat your information with respect. For more information about our privacy practices please visit our website. By clicking below, you agree that we may process your information in accordance with these terms.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices here.

Latest News
%d bloggers like this: