In what may be among the largest data breaches in history, Marriott International said Friday morning (Nov. 30) that as many as 500 million guests’ data was accessed, tied to a breach of the Starwood hotel guest reservation database.
As reported by NBC and other sites, the firm said that an alert was raised in September from an “internal security tool” that such access to guests’ information had been attempted. A subsequent investigation revealed that the unauthorized access had been ongoing since 2014 – and that unauthorized parties had been able to copy and encrypt information that in November was found to have resided in the aforementioned Starwood database.
Of the 500 million guests impacted, roughly 327 million had information compromised that ranged from names to passport numbers to email addresses and Starwood account information. The company also stated that credit card data may have been compromised even though it had been encrypted.
Marriott said on Friday in its statement detailing the breach that “it has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property.”
The company, NBC reported, said it has “taken steps” in the wake of the breach, is working with authorities and has set up a website to address consumer concerns. Marriott will also be contacting customers by email, and the firm is providing its affected guests with one year of WebWatcher services.
The Marriott breach follows the Yahoo breach that affected roughly three billion accounts.
“We deeply regret this incident happened,” Marriott President and CEO Arne Sorenson said in a statement, as reported by NBC. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”