What Marriott is doing about the Starwood database breach
Here’s what Marriott customers need to know about the data security incident involving the Starwood guest reservation database.
The investigation so far – in a nutshell
The investigation determined that there was unauthorised access to the database, which contained guest information relating to reservations at Starwood properties.
On 8 September 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database – this may have started as early as 2014.
On 19 November 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.
Marriott believes the data breach contains information on up to approximately 500 million guests who made a reservation at a Starwood property.
For approximately 327 million of these guests, the information includes some combination of:
- mailing address
- phone number
- email address
- passport number
- Starwood Preferred Guest (SPG) account information
- date of birth
- arrival and departure information
- reservation date, and
- communication preferences.
For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128).
There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken.
For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information.
Am I affected? What do I do?
For anyone who may have been affected by the data breach, Marriott has launched a dedicated website and call center to answer any questions for those who may be affected.
For more information on the Starwood guest reservation database security incident and FAQs, visit info.starwoodhotels.com.
Dedicated call centre
Marriott has established a dedicated call center to answer questions you may have about this incident. The call centre is open seven days a week and is available in multiple languages.
Here are the relevant phone numbers per country:
Marriott began sending emails on a rolling basis on 30 November 2018 to affected guests whose email addresses are in the Starwood guest reservation database.