• Saturday, Oct 16, 2021
  • Last Update : 10:58 pm

Marriott's Starwood database hacked, 500 million may be affected

  • Published at 11:06 pm November 30th, 2018
A doorman's hat at Sheraton hotel, a brand of Starwood Hotels & Resorts Worldwide, is pictured in Warsaw in this February 24, 2012 file photo. REUTERS/Kacper Pempel/Files/File Photo

Shares fell 5% after disclosure of the hack, one of the largest in history, which prompted regulators in Britain and at least three US states to announce plans to look into the attack

Marriott International Inc said on Friday that hackers accessed about 500 million records in its Starwood Hotels reservation system in an attack that began four years ago, exposing personal data of customers including some payment card numbers.

Shares fell 5% after disclosure of the hack, one of the largest in history, which prompted regulators in Britain and at least three US states to announce plans to look into the attack.

The hack began in 2014, before Marriott offered to buy Starwood for $12.2 billion in November 2015, acquiring brands including Sheraton, Ritz Carlton and Westin to create the world's largest hotel operator. The company closed the Starwood deal in September 2016.

Passport details, phone numbers and email addresses of some 327 million Marriott customers were exposed, according to the company. Credit card data may have been taken for other customers, it said.

"What makes this serious is the number of people involved, the intimacy of the data that was taken and the long delay between the breach and discovery," said Mark Rasch, a former US federal cyber crimes prosecutor.

Customers complained to Marriott through its account on Twitter, where Starwood was among the top trending US topics. Some criticized the company, using terms including "duped," "angry" and "merger disaster" to describe the incident.

Marriott said it learned of the breach on September 8 when an internal security tool sent an alert about suspicious activity.

"We fell short of what our guests deserve," Marriott Chief Executive Arne Sorenson said.

The offices of attorneys general in Connecticut, Illinois and New York said they would investigate the attack, as did the UK's Information Commissioner's Office. A representative with the U.S. Federal Trade Commission declined comment.

Marriott said it would inform affected guests about the breach starting Friday, and that it had reported it to law enforcement and regulatory authorities.

The breach appeared to be the second-largest on record after one at Yahoo in 2013 that exposed all of its 3 billion user accounts. That breach cost $47 million in litigation expenses and prompted Verizon Communications Inc to cut $350 million off the price it paid when it acquired most of Yahoo.

Marriott said it was too early to estimate the financial impact of the breach and that it would not affect its long-term financial health. The hotel chain said it was working with its insurance carriers to assess coverage.

Baird Equity Research said in a note to clients that breach-related costs, including legal fees, technical expenses and increased security, could force Marriott to delay the rollout of a new customer loyalty program planned for early 2019.

"Investor sentiment toward Marriott could remain somewhat negative in the near term until this security incident is fully resolved and its true financial impact is learned," Baird said.

The Hyatt breach highlights the need for companies to pay close attention on cyber security when making acquisitions.

"Understanding the cybersecurity posture of an investment is critical to assessing the value of the investment and considering reputational, financial, and legal harm that could befall the company," said Jake Olcott, a vice president with cybersecurity firm BitSight.

Starwood brands include W Hotels, St Regis, Sheraton Hotels & Resorts, and Westin Hotels & Resorts.

Facebook 51
blogger sharing button blogger
buffer sharing button buffer
diaspora sharing button diaspora
digg sharing button digg
douban sharing button douban
email sharing button email
evernote sharing button evernote
flipboard sharing button flipboard
pocket sharing button getpocket
github sharing button github
gmail sharing button gmail
googlebookmarks sharing button googlebookmarks
hackernews sharing button hackernews
instapaper sharing button instapaper
line sharing button line
linkedin sharing button linkedin
livejournal sharing button livejournal
mailru sharing button mailru
medium sharing button medium
meneame sharing button meneame
messenger sharing button messenger
odnoklassniki sharing button odnoklassniki
pinterest sharing button pinterest
print sharing button print
qzone sharing button qzone
reddit sharing button reddit
refind sharing button refind
renren sharing button renren
skype sharing button skype
snapchat sharing button snapchat
surfingbird sharing button surfingbird
telegram sharing button telegram
tumblr sharing button tumblr
twitter sharing button twitter
vk sharing button vk
wechat sharing button wechat
weibo sharing button weibo
whatsapp sharing button whatsapp
wordpress sharing button wordpress
xing sharing button xing
yahoomail sharing button yahoomail