Marriott International, a leading global lodging company Founded by J. Willard and Alice Marriott has reported that its estimate on the number of guests whose passport details and credit card data were hacked in its recent data breach has been reduced from the originally reported figure to about 383 million records.
The lodging company confirmed in November 2018 that there had been unauthorized access to its Starwood guest reservations database from 2014 up to September 2018, it said that up to 500 million guests were affected. However, after de-duping the information, Marriott made it clear that 383 million records – not guests – were involved in the attack.
Breaking the information down further, 5.25 million unencrypted passport numbers were included in the breach, along with 20.3 million encrypted passport numbers.
The affected hotel brands operated by Starwood before it was acquired by Marriott in 2016 include W Hotels, St. Regis, Sheraton, Westin, Element, Aloft, The Luxury Collection, Le Méridien, and Four Points. Starwood branded timeshare properties are also included.
Early last year 2018, we experienced similar data breach saga from big-name companies like Facebook, Reddit, and Equifax. It is now obvious that the line between personal data protection and data breach is very slim, as artificial intelligence becomes smarter and faster.
This begs the question, How much of your personal information should be revealed online and how secure is the data provided?
Note that payment card details and expiration dates of some guests were taken, according to the company. For as many as two-thirds of those affected, data exposed could include mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences. For some guests, the information was limited to name and sometimes other data such as mailing address, email address or other information.
The CEO, Arne Sorenson confessed that the incident was a big disappointment to their customers and he promised to pay for new passports provided that affected guests could prove that their passport data was accessed.
Who’s behind the data breach?
Marriott has said that they can’t clearly say for sure who’s behind the hacking, but The New York Times believe that China is responsible, the secretary of state, Mike Pompeo also confirmed in an interview the claim that China was behind the attack.
Currently, Marriott confirmed that they have removed their Starwood reservation system offline and migrated all reservations to a separate in-house Marriott system.