The Marriott hotel chain announced today that they suffered a data breach affecting 500 million guests. The breach took place in 2014, but Marriot didn’t notice until September 10th of this year. Marriott became aware of the breach after an internal tool alerted them about an attempt to gain access to the Starwood guest reservation database in the US. Starwood is a hotel chain that Marriott acquired in 2016. Other hotels under Starwood include Aloft Hotels, Element hotels, Four Points by Sheraton and Design Hotels, Le Méridien Hotels and Resorts, the Luxury Collection, Sheraton Hotels and Resorts, St. Regis, Tribute Portfolio, W Hotels, and the Westin Hotels and Resorts. The stolen data includes email addresses, names, mailing addresses, dates of birth, passport numbers, gender, reservation dates, arrival and departure information, communication preferences, and Starwood Preferred Guest (SPG) account information. Some guests had their credit card information stolen as well, however Marriott is yet to announce how many guests were affected by this.
Marriott is notifying the affected customers via email. Marriott is also setting up a website (info.starwoodhotels.com) for information about the data breach. The website will also allow some users to enroll for a free identity monitoring service. For any user that is affected or believes themselves to be affected, they are advised to visit the website listed above. With credit card information potentially stolen, keep an eye on bank statements for any fraudulent transactions. Email and mailing addresses could lead to more spam or junk mail, so be careful about responding to or clicking on links from unknown senders.