In one of the largest breach disclosures in recent memory, Marriott International has revealed that its Starwood Hotels division had been breached since 2014, leaving customer data including payment card information, at risk.
There have been multiple incidents in recent years of cyber-security incidents involving hotel chains, but none have ever been bigger than the incident disclosed on Nov. 30 by Marriott International’s Starwood Hotels and Resorts division.
Information from approximately 500 million individuals that have made reservations at Starwood properties around the world are potentially at risk from the massive data breach disclosed by Marriott. Detailed information on 327 million individuals, including name, mailing address, phone number, email address, passport number and data of birth was stolen in the breach. Additionally, payment card information including numbers and expiration dates were stolen from an undisclosed number of impacted Starwood guests.
“We deeply regret this incident happened,” Arne Sorenson, Marriott’s President and Chief Executive Officer, wrote in a statement. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
While the number of impacted consumers in the Marriott breach is staggering, the timeline for disclosure in the security incident adds further insult to injury.
