Hotel chain The Marriott has unveiled the scope of a data breach that saw up to half a billion of its guest’s personal data; says it will pay for new passports of those impacted.
The story first broke on the 30th of November, but now we have more details to report on in terms of the wide scope of the attack, and the Marriott’s response.
The Marriott told government investigators that its Starwood subsidiary’s reservation system had been compromised for up to the past four years. In that time, the private details, including dates, dates of birth, even credit card numbers were accessed by a third-party, which may have had access of up to 500-million of its guests.
As the Washington Post writes that the information gathered included much “rarer prizes for hackers, such as passport numbers, travel locations and arrival and departure dates.”
Considering the Marriott’s large empire, the third-party managed to gain access to the database of guests that had stayed at Sheraton, Aloft, Le Meridien, Four Points and W Hotels.
Earlier this week, the Marriott announced it would pay for replacement passports for those impacted, if the company “finds that customers have been the victims of fraud,” according to the Washington Post.
“We are setting up a process to work with our guests who believe that they have experienced fraud as a result of their passports being involved in this incident.” Marriott spokesperson Connie Kim said in an email.
“If, through that process, we determine that fraud has taken place, then the company will reimburse guests for the costs associated with getting a new passport.” She said.
“It’s not just that it’s been continuing for four years, but that there were significant opportunities for higher scrutiny,” Paige Boshell, a cyber risk management and response consultant with Privacy Counsel LLC told The Washington Post.
Marriott International has more than 6,700 properties around the world.
“We deeply regret this incident happened,” said Arne Sorenson, Marriott’s President and CEO.
“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, using lessons learned to be better moving forward.”
Marriott International’s stock price dropped 6% when the details went public.
“We will continue to support the efforts of law enforcement and to work with leader security experts to improve. Finally, we are devoted resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.” Sorenson said.