• by Ray Schultz , November 30, 2018

Marriott’s Starwood guest reservation database was hacked, exposing data on up to 500 million guests, the company announced on Friday morning. 

The chain determined on November 19 that the breach -- which exposed data on reservations made on or before September 10 of this year -- had occurred. Law enforcement, regulators and customers have been notified, Marriott says.

The data on 327 million guests includes such details as name, email address, mailing address, phone number, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences, Marriott says.

The chain was alerted on September 8 that an attempt had been made to access the Starwood database in the U.S.

Security experts determined that unauthorized access to the Starwood network had existed since 2014, the company says. In addition, the firm discovered that an unauthorized party had copied and encrypted data from the database.

The company decrypted the information on November 19.

In some cases, payment card numbers and payment card expiration dates were stolen. These were encrypted, using Advanced Encryption Standard encryption (AES-128). Two components are needed to decrypt the payment card numbers, and Marriott says it has not ruled out the possibility that both were taken.

The data on the remaining guests was limited to name an perhaps such information as email address and mailing address, it believes.

The company has not yet finished identifying duplicate information in the database, but it believes that it includes data on 500 million people who made reservations.

Marriott says it will begin sending emails on a rolling basis today to affected guests whose email addresses are in the database.

"We deeply regret this incident happened," states Arne Sorenson, president and chief executive officer. "We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward."