Massive data breach at Marriott's Starwood hotels

From The Associated Press

BETHESDA, Md. — The information of as many as 500 million people staying at Starwood hotels has been compromised and Marriott says it's uncovered unauthorized access that's been taking place within its Starwood network since 2014.

The company said Friday that credit card numbers and expirations dates of as many as 327 million of those guests may have been taken.

Other information taken includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.

The guest reservation database that is involved was only used for Starwood reservations. Marriott uses a separate reservation system that is on a different network.

Starwood hotel brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. Starwood branded timeshare properties are also included.

Marriott said that there was a breach of its database in September, which had guest information related to reservations at Starwood properties on or before Sept. 10. Marriott discovered through the investigation that someone copied and encrypted guest information, and says it's now working toward removing the information.

In a statement announcing the breach the hotel stated, "Marriott deeply regrets this incident happened. From the start, we moved quickly to contain the incident and conduct a thorough investigation with the assistance of leading security experts. Marriott is working hard to ensure our guests have answers to questions about their personal information with a dedicated website and call center. We are supporting the efforts of law enforcement and working with leading security experts to improve. Marriott is also devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network."

Marriott has set up a website and call center for anyone who thinks that they are at risk, and on Friday will begin sending emails to those affected. 

Marriott is also providing guests the opportunity to enroll in WebWatcher free of charge for one year. WebWatcher monitors internet sites where personal information is shared and generates an alert to the consumer if evidence of the consumer’s personal information is found.