- Marriott suffered a massive data breach, saying on Friday that the information of about 500 million people who stayed in its Starwood hotels had been compromised.
- Marriott said that starting in 2014, hackers accessed the information of customers in its Starwood reservation database, including mailing addresses, passport info, and credit-card numbers.
- It said that affected guests, who stayed at a Starwood property on or before September 10, would be notified “on a rolling basis” starting Friday.
- Here’s how you can find out more about whether your information was hacked and what you can do to protect yourself.
Marriott said it discovered earlier this month that hackers had access to its reservation system used for guests at Starwood hotels since 2014 and that customer information was copied and stolen.
The hotel chain said in a statement that it “has taken measures” to contain and investigate the breach.
Marriott said it would reach out via email to affected customers “on a rolling basis” starting Friday, but only to those whose email addresses are in the Starwood reservation system. If you stayed at a Starwood property on or before September 10, keep a look out for an email from firstname.lastname@example.org.
Here’s what we know about the breach, including the kind of customer information accessed:
- Hackers first gained access to the reservation database in 2014. The breach affected customers who stayed in a Starwood hotel on or before September 10.
- For about 327 million customers, Marriott hasn’t figured out exactly what information was accessed but said it might include the guest’s name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
- Some of these customers may have had their payment-card numbers and expiration dates compromised. Marriott said that this information was encrypted but that hackers might have managed to decrypt it.
- For the remaining portion of affected customers, the information accessed by the hackers may include the guest’s name and possibly mailing address, email address, or “other information.”
- Marriott uses a separate reservation system on a different network, so it doesn’t appear that guests at Marriott hotels were affected.
- Here’s the breakdown of the affected properties owned by Starwood, a subsidy of Marriott that operates more than 1,000 hotels worldwide:
- Marriott International
Marriott said it had taken some steps to support affected guests. There’s a list of FAQs on the website Marriott created specifically for information about the breach, as well as a call center that’s open seven days a week and available in multiple languages.
Additionally, Marriott said it would pay for guests in the US, UK, and Canada to sign up for a yearlong membership for WebWatcher, whose software monitors where your personal information is shared online. It said US guests would also receive free fraud-consultation services and reimbursement coverage.
Marriott also recommended that if you use the same or a similar password as the one associated with your SPG account, you should change it, as well as be on the lookout for any phishing emails asking for your login details.