Posted: Thursday, December 6, 2018
Marriott shares have fallen over 5% and the company now faces a class action suit in the USA after it reported the loss of guests’ personal information over a 4-year period. The breach was revealed after internal systems alerted an unauthorised attempt to access the guest database, which prompted an investigation that revealed that the names, email addresses, phone numbers, passport details, payment card numbers and expiration dates of around 500 million guests had been stolen. Whilst the payment card data was encrypted using the AES-128 standard, Marriott stated that it cannot “rule out the possibility” that the two components needed to decrypt the numbers were also stolen.
Experts are questioning why it took so long to identify the security breach as around the time that Marriott bought the Starwood brand in 2014, Starwood reported that it was the victim of a credit card hack and the company’s website was victim to a SQL injection bug with offers to hack it being made on the Dark Web.