Marriott International, a Bethesda, Maryland, based company, admitted Friday that information for up to 500 million guests staying at one of their Starwood properties was compromised as early as 2014.
On Sept. 8, the company launched an investigation into a security alert and found that an unknown third party had access to its system and Starwood guest information since 2014. The information they access was determined on Nov. 19.
The company said in a statement that for about 327 million of the potential 500 million guests, the data stolen included “some combination” of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences.
Some also had payment card numbers and expiration dates. Though that information was encrypted, Marriott was not able to rule out that the two components needed to decrypt the data were also taken.
The rest had their name and potentially their mailing address, email address, or other information compromised.
“We deeply regret this incident happened,” Marriott’s President and Chief Executive Officer Arne Sorenson said in a statement. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
• Gabriella Muñoz can be reached at gmunoz@washingtontimes.com.
Please read our comment policy before commenting.