Nov. 30 (UPI) — Marriott said Friday a data breach detected weeks ago may have exposed the personal information of about 500 million guests at several hotel brands, including the W and Sheraton.
The world’s largest hotel chain said it learned in September there had been unauthorized access to the Starwood guest reservation system. Marriott said it hired cybersecurity experts and eventually learned that data had been copied and stolen.
For about 327 million guests, the stolen information included a combination of names, addresses, phone numbers, email addresses, passport numbers, dates of birth and travel plans, the company said in a statement.
For other guests, hackers attempted to take credit card numbers and expiration dates, though it’s unclear if they were successful. Some customers had only mailing addresses and email addresses stolen.
Marriott said it found its reservation database has been compromised since 2014 and unauthorized access could affect bookings made as recently as Sept. 10.
“We deeply regret this incident happened,” Marriott President and CEO Arne Sorenson said. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests and using lessons learned to be better moving forward.”
Starwood systems will be phased out as Marriott makes security enhancements, Sorenson added.
“Today, Marriott is reaffirming our commitment to our guests around the world. We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call center.”
Marriott, which bought Starwood hotels in 2016, said it’s established a website and call center for guests concerned about the breach.