On Friday, Marriott International announced a data breach that may have affected up to 500 million guests who used its Starwood guest reservation database. According to NBC, it could be one of the largest consumer data breaches in history.
According to Marriott, it received an alert on Sept. 8 from an internal system about an attempt to access the Starwood database in the United States. At that time, USA Today reported, the hotel group brought in security experts. Those experts found that there had been unauthorized access to the Starwood network, which includes W Hotels, St. Regis, Westin Hotels, and more, since 2014. The breach could affect anyone who made reservations at Starwood properties on or before Sept. 10, 2018.
"The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property," company reps said in a statement.
Out of those 500 million guests, NBC reported, around 327 million had some combination of their name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences stolen. For some guests, their credit card information may have also been taken. Marriott cannot rule out that the credit card information may have been decoded.
"We deeply regret this incident happened," Marriott President and CEO Arne Sorenson said in a statement. "We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward."
Marriott set up a website for any guests who would like to learn more about the breach and be notified via e-mail if their information was stolen. Marriott will also provide guests who sign up with one year of WebWatcher, a digital security service, for free.