According to Marriott Group, its servers and database were breached, compromising 500 million guests information from credit card details to other data.
Reportedly, there is a probability that it had been breached previously as well, and possibly multiple times.
The information stolen includes credit card information, passport scans, addresses, phone numbers and email IDs.
This news was announced by Marriott Group on 30th November and was identified as cybercrime. Apparently, these breaches have been going on since 2014. The group was unaware of the breach as it surfaced only after September.
An alert had gone off to the IT department after an unauthorised access was attempted. Accordingly, cybersecurity firm Recorded Future has stated that the data has not yet been spotted on the dark web.
However, a lot of the data which was stolen holds a potential threat to the victims, including possible identity theft. Marriott confirmed the specific type of data that was lifted off from their servers – names, address, phone numbers, emails, account information, passport information, date of birth, gender and encrypted credit card details.
Not just that, the hotel chain also hinted that the hackers might have captured the keys to the credit card details, meaning that the hackers can make transactions without notifying the account owner.
The Starwood’s reservation system, the same one which was hacked, is also used for other hotel chains all around the world. These include Sheraton, Westin, W Hotels, St. Regis, Four Points, Aloft, Le Méridien, Tribute, Design Hotels, Elements and the Luxury Collection. However, the Residence Inn and the Ritz-Carlton.
Marriott Group Sued
Marriott Group has alerted the authorities about the breach and is helping the officials catch the culprits behind the massive breach. However, just a couple hours after they broke the news, the group is now being sued for “negligence, breach of confidence, and deceptive and unfair trade practices”.
On the other hand, US Senator Ron Wyden has argued that those employees who are unable to keep the data of their customers safe from hackers should be sent to jail.
He reportedly said:
Until companies like Marriott feel the threat of multi-billion dollar fines and jail-time for their senior executives, these companies won’t take privacy seriously,
Precaution for Customers
The group is reaching out to customers whose data has been compromised and is doing everything in their ability to secure your information.
However, if you are one of the victims, the hotel chain will reach out to you if not already done so with step-by-step information guide on what you can do to keep your personal information safe.
There is a dedicated website by the Marriott Group where guests can reach out for assistance.