Tags: Cyber Security | marriott | starwood | database | hacked

Marriott's Starwood Database Hacked, 500M Guests May Be Affected

computer hacker silhouette of hooded man with binary data and network security terms
(Leo Lintang/Dreamstime)

Friday, 30 November 2018 10:23 AM

Marriott International Inc. said it’s investigating a hack of the guest reservation database at its Starwood unit that may be one of the biggest such breaches in corporate history.

Marriott shares (MAR) slumped as much as 6.9 percent.

The attack is troubling not just because of its sheer size, but also the level of detail potentially stolen by the attackers. The hack affects some 500 million guests, and for about 327 million of them, the data included passport numbers, emails and mailing addresses, Marriott said. Some credit card details may also have been taken.

The Marriott hack may rank only below Yahoo as one of the biggest of personal data, when 3 billion users were exposed to a 2013 security breach.

“We know there’s going to be a cost, but how big will it be, I don’t know, I don’t think Marriott knows,” said Michael Bellisario, an analyst at Robert W. Baird & Co. “Marriott’s biggest asset is the network effect of customers in the loyalty program. The big question is does it impact the Marriott brand, and the customer desire to be rewards program members? It’s still too early to tell.”

Regulators and consumers have been stepping up their action against companies that have suffered security breaches as such attacks have increasingly become more severe. Target Corp. last year agreed to pay $18.5 million to settle investigations by dozens of states over a 2013 hack of its database in which the personal information of millions of customers was stolen, while Equifax is facing billion-dollar law suits and a regulatory investigation.

“The breach is so big that the company may face a large fine from the authorities and the market is factoring that in,” said Juan Jose Fernandez Figares, chief analyst at Link Securities in Madrid. “This is yet another company that has been hit by a hacking and a reminder to any company that manages customers’ personal data that they need to work harder to protect them from future attacks.”

Marriott’s statement indicates the hacking was going on years before the company acquired Starwood in a deal valued at about $13.6 billion that closed in September 2016. Marriott’s database contained guest information relating to reservations at Starwood properties on or before Sept. 10, 2018. For some, it also included payment card details, said Marriott, which didn’t identify who the perpetrators might be.

Athough Marriott said the details such as credit card numbers were encrypted, it has not been able to rule out the possibility that enough details were taken in order to decrypt this information.

The company has reported the incident to law enforcement and continues to support their investigation, and has also begun notifying regulatory authorities. Marriott informed the U.K. data protection regulator about the breach, the Information Commissioner’s Office said Friday. The regulator asked individuals concerned about how their data was handled to report their worries.

In its quarterly filing dated Nov. 6, Marriott added a warning about security breaches.

“We have experienced cyber-attacks, attempts to disrupt access to our systems and data, and attempts to affect the integrity of our data, and the frequency and sophistication of such efforts could continue to increase,” the firm said, without providing details on specific attacks.

Marriott paid $13.6 billion to acquire Starwood in September 2016 in a deal that created a hospitality industry behemoth that has 1.3 million rooms and more than 110 million loyalty program members. Starwood’s legacy brands include Sheraton, W Hotels, Westin, Aloft and St. Regis.

© Copyright 2019 Bloomberg News. All rights reserved.

1Like our page
Marriott International said on Friday that hackers illegally accessed its Starwood Hotels brand's reservation database since 2014, potentially exposing personal information on about 500 million guests.
marriott, starwood, database, hacked
Friday, 30 November 2018 10:23 AM
Newsmax Media, Inc.

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

© Newsmax Media, Inc.
All Rights Reserved