Hotel giant Marriott has confirmed that the details of up to 500 million guests of its Starwood group hotels may have been accessed in a massive data breach.
The American company said in a statement that it detected a potential hack on 19 November and that its investigation had identified a huge tranche of customer data as being vulnerable.
“The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property,” the company said.
The database involved includes almost all the information needed to administer bookings, and the hack is believed to impact those who made a reservation on or before 10 September 2018. But encrypted credit and debit card data is not believed to be affected, banking app Monzo said.
Which hotels are affected?
Marriott owns Starwood, which includes W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts among its brands.
Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels, and Starwood branded timeshare properties are also included, the company said.
Are Britons affected?
Given the volume of data involved, said to be 500 million guests – it seems highly likely.
A Marriott spokesperson told HuffPost UK: “At the moment the investigation is still in its early stages so we can’t provide accurate information on the nationalities of people impacted at this stage.
“We are saying that if a guest made a reservation on or before September 10, 2018 at a Starwood property, information they provided may have been involved.”
Customers should check the email addresses they used to book hotel rooms, as those who are affected will be notified by email.
Adam French, Which? consumer rights expert, said: “This data breach is on a colossal scale and it will be of great concern to Marriott customers. It is vital that Marriott provides clear information on what has happened and helps anyone who has been negatively impacted.
“Anyone worried they could be affected should consider changing their online passwords, monitor bank and other online accounts as well as their credit report to guard against potential identity fraud. Also, be wary of emails regarding the breach, as scammers may try and take advantage of it.”
What is the company doing about it?
Marriott has reported the breach to police and has begun notifying regulators.
“We deeply regret this incident happened,” Arne Sorenson, Marriott’s president and CEO, said. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
A press statement added that customers affected by the hack can access a special helpline and website, as well as receive data protection software free for one year.
You can access the special website here.
The breach could become one of the biggest thefts of personal data since Yahoo! confirmed three billion users of its email business had been hacked in 2013.