Massive Marriott Data Breach Affects Fewer Customers Than Originally Announced

From Facebook and Sony’s PlayStation Network to JP Morgan Chase and Equifax, many big companies over the past decade have been involved in data breaches which affect billions of people. In November 2018, Marriot International revealed that its Starwood reservation system has been breached by hackers, exposing the personal data of approximately 500 million guests. However, the Bethesda-based hotel company says the number is actually smaller than originally reported—specifically about 383 million customer records. According to an external and internal investigation, these records included around 5.25 million unencrypted passport numbers, 20.3 million encrypted passport numbers, fewer than 2,000 unencrypted credit/debit card numbers, and 8.6 million encrypted credit/debit cards. The company claims the hackers failed to obtain the master encryption key necessary to unlock the encrypted numbers. The hotel giant determined that a third party had obtained unauthorized access to a Starwood database of guest reservations. Marriott bought Starwood for $13.6 billion in 2016. Marriott’s efforts to merge data from Starwood’s rewards program left millions of customer records in limbo. With the help of outside security professionals, they found that the hackers had taken control of Starwood’s systems back in 2014. The first major security breach Starwood reported was in 2015 when hackers penetrated the company’s cash register systems. The largest hotel chain in the world has 30 brands and over 6,700 properties. You can find a Marriot Hotel in 129 countries and territories. As a result of the acquisition, Marriot now owns Starwood brands such as Sheraton Hotels & Resorts, W Hotels, Westin Hotels & Resorts, and St. Regis. On Fox News in December 2018, U.S. Secretary of State Mike Pompeo claimed that China is possibly behind the data breach. The Asian country has been accused of hacking other giant corporations to obtain customers’ and executives’ personal information. However, Marriott has yet to mention involvement with China. For more information about internet data breaches and the liability of companies who obtain your data, contact our Toledo personal injury lawyers at Williams DeClark Tuschman Co., L.P.A. today.