Personal information stolen from 500 million Marriott guests

Posted: Thursday, December 6, 2018

Author: Robert Ward

Marriott shares have fallen over 5% and the company now faces a class action suit in the USA after it reported the loss of guests’ personal information over a 4-year period. The breach was revealed after internal systems alerted an unauthorised attempt to access the guest database, which prompted an investigation that revealed that the names, email addresses, phone numbers, passport details, payment card numbers and expiration dates of around 500 million guests had been stolen. Whilst the payment card data was encrypted using the AES-128 standard, Marriott stated that it cannot “rule out the possibility” that the two components needed to decrypt the numbers were also stolen.

Experts are questioning why it took so long to identify the security breach as around the time that Marriott bought the Starwood brand in 2014, Starwood reported that it was the victim of a credit card hack and the company’s website was victim to a SQL injection bug with offers to hack it being made on the Dark Web.

Live Chat

Our web site uses cookies. They allow us to give you the best browsing experience possible and mean we can understand how you use our site. You can delete and block cookies but parts of our site won't work without them. By using our web site you accept our use of cookies.