At a subsidiary of hotel giant Marriott, customer and payment data has been stolen, up to 500 million guests are affected.
At a subsidiary of the US hotel group Marriott data of up to 500 million hotel guests have been affected by an “unauthorized network access”. The corporation announced that it had around 327 million customers a combination of name, address, phone number, e-mail address, passport number, date of birth, gender, date of arrival, departure information, reservation date and more.
In some cases, payment information are also affected. But they are encrypted by AES-128. However, Marriott can not say if the data needed for decryption has also been stolen. For the remaining 170 million guests, only names and address informations are affected.
The access was made via the IT systems of the Group subsidiary Starwood. These include the W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. All customers who made a reservation in one of these hotels before September 10 2018 could be affected.
Not Much Help For Customers
Marriott “deeply regrets the incident” and has, according to their own statements, promptly launched a thorough investigation. The company was reportedly informed of the collapse on 8 September. The group has now set up its own information page, but there are not much more details. Customers in the United States, Canada, and the United Kingdom are referred to WebWatcher for misuse of their data. Others are given only general safety tips, especially they should keep track of account movements.