500 million customers of hotel giant Marriott International have been involved in a global data breach. The chain said the guest reservation database of its Starwood division had been compromised by an unauthorised party.
A number of hotels in Dublin hotels could be affected by the data breach in one of the hotel chain’s booking databases. Up to half a billion customers around the world are potentially impacted by the breach to its Starwood network since 2014.
Dublin hotels under the Marriott umbrella include the Shelbourne and Westin while the Powerscourt Hotel in Wicklow is also amongst the hotels in its stable.
For approximately 327 million guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128).
There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken.
For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information. Marriott reported this incident to law enforcement and continues to support their investigation. We have already begun notifying regulatory authorities.
The company says:
“Marriott deeply regrets this incident happened. From the start, we moved quickly to contain the incident and conduct a thorough investigation with the assistance of leading security experts. Marriott is working hard to ensure our guests have answers to questions about their personal information with a dedicated website and call center.”
How will guests know if they have been hacked? – If you made a reservation on or before September 10th at a Starwood property, the information you provided may have been involved.