International hotel chain Marriott said the details of 500 million hotel guests has been stolen in a sweeping hack.
  • The breach happened in 2014, but Marriott didn’t become aware of it until September this year. 
  • The hackers, or hacker, copied and encrypted information and took steps towards removing it from a guest reservation database. 
  • Forensic experts decrypted the data attackers stole and conclude they have siphoned information on up to approximately 500 million guests.

Investigators said 327 million guests who had stayed at the Marriot owned Starwood chain of hotels had the following information stolen:
  • Names, mailing address, phone number, email address
  • Passport number date of birth and gender
  • Arrival and departure information, reservation date, and communication preferences
  • Starwood Preferred Guest account information,

This included guests at the following hotels:
  • W Hotels, St. Regis, Sheraton Hotels & Resorts
  • Westin Hotels & Resorts, Element Hotels, Aloft Hotels
  • The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts
  • Four Points by Sheraton and Design Hotels

For some of these guests, payment card data was also stolen, but Marriott did not say for how many.

The hotel said payment card data was encrypted. That said it can’t be ruled out that the data is protected completely.

The hotel chain said there are two components needed to decrypt the payment card numbers and it can’t be certain that both weren’t stolen in the hack.

For the remaining 173 million guests, stolen data only included a name, and sometimes other information such as mailing address, email address, or other data.

A dedicated web page has been set up for people who think they may have been affected: https://answers.kroll.com/

Personal identity protection

If you are concerned about any of your personal identifying data being hacked from a company database, check out BullGuard Premium Protection