The hotel group Marriott has confirmed so details of some 500,0000 me details of the attack on it’s Starwood division that has exposed the personal details of some 500 million guests.
The group has contacted the ICO to report the data breach and the ICO has confirmed that it is investigating the matter, this may well lead to a substantial fine for the hotel group that purchased the Starwood in 2016 creating the largest hotel chain in the world.
It transpires that the hacker has had access to the Starwood database since 2014 and that the breach has only recently been discovered that “unauthorised party had copied and encrypted information”.
The Starwood name is not particularly well know in the UK but it;s brands include W Hotels, Sheraton, Le Méridien and Four Points by Sheraton.
Marriott have confirmed that its own group of hotel are unaffected by the breach as the details are handled under a separate reservations system but that the breach may have given access to some 500 million guests with up to 327 million guest details including name, address, phone number ,email address, passport number, account information, date of birth, gender and arrival and departure information potentially being exposed. The payment card information was encrypted but there are concerns that the encryption key may also been stolen although this has not been confirmed.
A spokesperson for the group said;
We deeply regret this incident happened, Marriott reported this incident to law enforcement and continues to support their investigation. The company has already begun notifying regulatory authorities.
The ICO in the UK made a brief statement;
“We have received a data breach report from Marriott involving its Starwood Hotels and will be making enquiries. If anyone has concerns about how their data has been handled they can report these concerns to us.
The hotel group has set up a website to help concerned customers.