Yet another data breach scandal has hit the media.
The largest hotel chain Marriott International announced Friday that up to 500 million Starwood customers’ information was compromised.
“The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property,” said Marriott.
Marriott discovered the breach on November 19. Hackers have gained “unauthorized access” to the Starwood reservation system since 2014.
“The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it,” said Marriott in a statement.
Although up to 500 million customers’ could have been compromised, Marriott said that they determined that about 327 million had their names, phone number, email addresses, and passport numbers obtained in the breach.
“There are some customers who may have also had their credit card information taken. While that data would have been encrypted, Marriott said it can’t rule out the information may have been decoded,” writes NBC News.
Marriott, which acquired Starwood for $13 billion in 2016, has launched a customer call center and website dedicated to assisting customers impacted by the data breach.
“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward,” said Arne Sorenson, Marriott’s CEO.
This is one of the biggest breaches in history, following Yahoo’s data breach in 2017 where 3 billion accounts where compromised.
“This is one of the most significant data breaches in history given the size — about 500 million people are affected — and the sensitivity of the personal information that was stolen,” said Ted Rossman, CreditCards.com industry analyst.
But the compromised passport numbers is much more of a bigger problem than stolen credit card information.
“Its impact on the victims is much greater than the numbers reveal,” said John Gunn, chief marketing officer of cybersecurity company OneSpan. “It is remarkably easy to request a replacement credit card from your financial institution and you are not responsible for fraudulent activities – try that with your passport.”
Class action cases are likely to follow suit. The European Union and the United Kingdom recently enacted the General Data Protection Regulation and Marriott might be in violation and in turn, could be given consequences.
Author’s note: This is the second biggest corporate breach and Marriott screwed up royally on this one. Unfortunately, millions across the world will suffer from this massive failure.