Complex Made Simple

ME guests of Starwood likely part of database hack of 500 million

Marriott International said on Friday that a guest reservation database of its Starwood Hotel brand was breached, potentially exposing information on about 500 million guests.

Shares of Marriott were down more than 5% in the premarket following the disclosure.

Business Insider, quoted Reuters as saying the company said its investigation showed that an unauthorized party had copied and encrypted information, and that there had been unauthorized access to the Starwood network since 2014.

Read: What do these hotel reward programs really get you?

The damage

“For about 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender among other personal details,” Marriott said.

“For some, the information also includes payment card numbers and expiration dates, but those numbers were encrypted,” the hotel chain added.

There are two components needed to decrypt the payment card numbers, and at this point, Marriott said it has not been able to rule out the possibility that both were stolen.

Marriott bought Starwood in 2016.

Read Travel bug: Wego’s favorite insta-worthy hotels in region

Middle East connection

Starwood Hotels & Resorts Worldwide announced in 2016 that it is on track to grow its portfolio in the Middle East to 100 hotels by 2020.

This followed five new deal signings that will add over 1,200 rooms in the UAE, Saudi Arabia, and Qatar, according to Businesswire.

Across its seven luxury brands, Marriott International operates over 30 hotels with more than 10,000 rooms across the Middle East and Africa and plans to nearly double the number of hotels in the next five years.

Read: Why you should choose holiday homes over hotels

Other top breaches

The hack of 500 million accounts ranks only below Yahoo as one of the biggest of personal data. Yahoo suffered a 2013 security breach that exposed all 3 billion of its users at the time.

In 2017, an attack on Equifax Inc. may have affected about 143 million U.S. customers, also included social security numbers, birth dates, and credit card numbers for about 209,000 consumers.