Marriott now has the dubious honor of having suffered one of the worst breaches in history. Granted, the 500 million customer records recently stolen from the company pales in comparison to Yahoo's loss of nearly three billion customer records, but Marriott's number is certainly nothing to scoff at.
In 2016, the company acquired rival Starwood hotels for $13 billion, and it was the Starwood guest reservation database that was compromised. Marriott discovered the breach on September 8th, 2018, and a formal investigation was launched. The results of their investigation to this point have revealed some grim details.
The data stolen by the unknown hackers included:
- Customer name
- Customer mailing address
- Date of birth
- Phone number or phone numbers
- Email address
- Passport number
- Check in/ check out dates and other details
- Communication preferences
- In some cases, credit and debit card numbers and expiration dates.
As bad as that is (and it's about as bad as it can get), the company tried to put a positive spin on things by emphasizing that the payment card information was encrypted. Even so, it's entirely possible that the hackers could break the encryption and get to the numbers hiding behind it.
The investigation is still ongoing, and Marriott is working with law enforcement to get to the bottom of the matter. The company has also begun the process of contacting all impacted customers.
It should be noted that this breach occurred on the Starwood system, and not on Marriott's main network. If you've stayed at a Starwood hotel, even if you haven't been contacted by the company, be advised that your personal information and possibly your credit card information has been compromised. Be watchful for suspicious charges on your account.