Marriott recently disclosed that systems from Starwood’s reservation database were compromised as early as 2014, prior to Marriott acquiring Starwood. This data breach affects up to 500 million customers and is second only in size to the infamous Yahoo data breach which also occurred in 2014 — around 3 billion records.
Information stolen in this breach includes:
- Passport numbers
- Email addresses
- Mailing addresses
- Phone numbers
As if this wasn’t bad enough, Marriott representatives also admit that credit card data is involved as well. And while this information was encrypted using more advanced methods, Marriott says it has “not been able to rule out” the possibility that both tools needed to decrypt this data might have been stolen as well. Ouch!
Marriott does say that only the Starwood (Sheraton, Westin, etc) systems were affected by this and says Marriott systems are on a different network.
Marriott will be contacting affected customers today via email and have set up a website and call center to answer questions: info.starwood.com