Marriott reports data breach of Starwood hotels guest database
Hackers compromised Marriott’s Starwood Hotels guest reservation system. Marriott International Inc. announced that hackers compromised their Starwood Hotels guest reservation system beginning in 2014. The data of about 500 million hotel customers was hacked over a span of years. Hotel customer information including passports and credit cards were compromised along with other personal information.
The hack began before Marriot merged with Starwood. Marriott officials stated that hackers had “unauthorized access” to the Starwood reservation system since 2014 until the cyber security breach was discovered last week. The numbers, so far, making this the second largest hack in US history. Many times, data breach numbers are revised upward as the investigation carries on.
Marriott Hack – Am I Affected?
Marriott officials will be sending emails to the 500 million customers affected by the data hack. There was no timeframe given. I did stay at Aloft during the period when hackers were in the guest reservation system. I’m also a Marriot rewards member. I have not received an email.
The last time I emailed Marriot regarding the rewards programs merger, it was over three months before they responded. Just sayin’ ?
What Marriot Brands are Affected by The Hack?
The hack affects Marriott’s Starwood hotels. Customers that made a reservation at these Starwood hotel brands, since 2014, may be affected:
- The Luxury Collection
- Four Points by Sheraton
- W Hotels
- St. Regis
- Le Méridien
- Tribute Portfolio
- Design Hotels
In its quarterly filing dated November 6, Marriott added information about cyber security concerns. The filing stated, “We have experienced cyber-attacks, attempts to disrupt access to our systems and data, and attempts to affect the integrity of our data, and the frequency and sophistication of such efforts could continue to increase.”
What Information was taken by Marriot Hackers?
The Marriott hack affects an estimated 500 million Starwood hotel guests. The name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences of about 327 million of the 500 million customers was stolen by hackers. Marriott also said that some credit card numbers may also be compromised.
The credit card numbers were encrypted in the guest reservation system. However, Marriott said it may be possible that hackers can decrypt the credit card numbers. There are two components needed to decrypt data secured with Advanced Encryption Standard encryption. Marriott has not been able to rule out the possibility that both were hacked.
Marriott Hack – What Do I do next?
Marriott’s phone number is In the USA & Canada is 1-800-535-4028
The main Marriott.com reservation webpage conveniently does not mention the hack at all. The press release can be found elsewhere on thier website. Although the Marriott press release lures you into thinking that the information can be found on the old Starwood.com website (which has not run in some months.) It’s not on Starwood. It is actually on a third-party cyber security firm’s site.
Here is what Marriott is offering to help impacted hotel guests.
Marriott Dedicated Call Center
Here are the perks that Marriot is supposedly offering hacked customers.
- A Dedicated Call Center
Marriott established a dedicated call center -although no phone number for that call center was given. A+ customer service. The website also proactively excuses itself for its anticipated high-call volume. Sounds like they plan of staffing with enough people to answer right away? Message me if you can find the dedicated call center number.
If you’re looking for Marriot’s phone number, In the USA & Canada Marriott’s phone number is In the USA & Canada is 1-800-535-4028.
I called the number since I have rewards member status. My call to Marriott customer service was met with a phone tree and no mention of the data hack or what to do. The menu selection did not give an option to find help with the data hack. The voice prompt did not recognize “data hack” as a dialing option either. If you want to blow by the phone tree press #5 at the voice prompt for the need help with “something else” option. After being transferred, the phone line rang busy and was disconnected. Good job once again Marriott. Sounds like my friends who transferred to Hilton last summer were on to something.
- Email Notification
Marriott supposedly began sending emails on a rolling basis on November 30, 2018 to affected guests from the Starwood guest reservation database. I’m still waiting for mine.
- Free WebWatcher Enrollment
Marriott is providing hacked guests one-year of WebWatcher service which monitors websites for black market data. The link to begin the enrolment process goes nowhere. Nice work again Marriot.
When Did Marriot and Starwood Merge?
Marriot International, Inc bought Starwood and its brands in September 2016. The sale was valued at about $13.6 billion. The deal created the world’s largest hotel chain with 1.3 million rooms and more than 110 million loyalty program members. Marriott completed the merger of the two brands’ loyalty programs in August 2018.
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers