Marriott data hackers could have made off with 500 million guests’ personal and payment details
More worrying the internal investigation carried out by the hotel chain suggests the data breach may have started as far back as 2014. This is likely to make the chain’s promise of notifying every one of the estimated 500 million guests they estimate will have been affected a difficult task to fulfil.
The Starwood name is an umbrella for multiple brands including W Hotels, Sheraton, Le Méridien and Four Points by Sheraton while all of the Marriott hotels are managed by a separate reservation system on a different network. A spokesman for Marriott said they had been alerted to an unauthorised person trying to get into the system by an internal security tool and having acted upon that alert they soon discovered an “unauthorised party had copied and encrypted information” from the underlying database, a database that in total holds a great deal of personal information on around 500 million customers.
When asked exactly what was included within these guest records the group said approximately that would include “some combination” of name, mailing address, phone number, email address, passport number, account information, date of birth, gender, and arrival and departure information for around 327 million of the guests.
If that wasn’t bad enough, they also added that for many of those there would also be encrypted payment card details and they couldn’t discount the possibility the hackers had also stolen the encryption keys that would unlock all of those card details.
Now that the government’s new data protection regulations (GDPR) have come into force, it is more vital than ever that you provide a safe and secure environment for your data to avoid a data breach like this.
If you would like us to talk you through what you need to know to keep your customer, contact and marketing data safe, please email email@example.com or call Sarah on 01302 380216.
If you would like us to talk you through what you need to know to keep your employee data safe, please email firstname.lastname@example.org or call Lauren on 0114 0114 252 1410.