About the Marriott Starwood Data Breach of 500 Million Guests Announced Today

If you find this useful please share it!


The Marriott hotel chain announced today that their Starwood property has suffered a massive data breach of as many as 500 million guest records. Note that even though the breach was discovered days earlier, they are announcing it on a Friday morning; Friday is known to be the day to announce things if you want them to get the least amount of attention.

This announcement comes just two days after the the announcement of the post office data breach. Earlier this year both Walgreens and Saks 5th Avenue announced data breaches. But at 500 million (that’s a half billion, folks!) data records exposed, the Marriott Starwood data breach is by far the most massive breach of the scope of this sort of data to date. (Yahoo had a data breach of up to 3billion user records in 2016, but is thought to have been limited to usernames, passwords, and dates of birth.)


If the fact that the Marriott data breach was discovered last week, but not announced until now annoys you, then the fact that they had been alerted to an issue in September will probably make you mad, and the fact that it had actually going on since 2014 should make you livid.

According to a statement released by Marriott today, “On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database in the United States. Marriott quickly engaged leading security experts to help determine what occurred. Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014. The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it. On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.

(Article continues below)
Get notified of new Internet Patrol articles for free!
Or Read Internet Patrol Articles Right in Your Inbox!
as Soon as They are Published! Only $1 a Month!

Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
About the Marriott Starwood Data Breach of 500 Million Guests Announced Today

But wait, there’s more. Because, while for most of the customers whose data was exposed (at 500million we have to imagine that means all of Starwood’s customers) the exposed data was limited (and we use the term loosely) to “some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences” (uh, that’s a lot), many have also had their credit card details exposed.

Says Marriott, “the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128). There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken.” {Emphasis ours}

Said Marriott CEO Arne Sorenson, “We deeply regret this incident happened. We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

According to Marriot, if you have stayed at a Starwood property in the 5 years leading up to September of this year, your data is has been exposed (and quite likely already packaged for sale on the darkweb).

Marriott Starwood has engaged cyber risk mitigation firm Kroll to assist with this, and info.starwoodhotels.com forwards to answers.kroll.com where you can get the latest information.

We know you're sick of ads on websites. But we still need to pay to keep the lights on for you. So instead of huge ads and video ads, we use smaller, plainer ads. Still, if you'd like to support the Internet Patrol but not the ads, please consider supporting us here:
Donate via Paypal
Other Amount:

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!

About the Marriott Starwood Data Breach of 500 Million Guests Announced Today

Get notified of new Internet Patrol articles!
People also searched for starwood breach announcement

If you find this useful please share it!

Leave a Reply

Your email address will not be published. Required fields are marked *