Marriott announces data breach of up to 500 million Starwood guests

What happened at Marriott?

Marriott disclosed that its Starwood guest reservation database, which spans W Hotels, Sheraton, Westin, St Regis, and other brands, suffered a large data breach. Unauthorized access to the database was detected in September 2018, but an internal investigation showed that it had been ongoing since 2014.

Marriott’s investigation into the breach is still ongoing, however the database that was accessed contains personal information on up to 500 million Starwood guests who made a reservation on or before September 10, 2018. For approximately 327 million of these guests, the information includes some combination of the following:

• Name
• Mailing address
• Phone numbers
• Email addresses
• Passport numbers
• Date of birth
• Gender
• Starwood Preferred Guest (SPG) account information
• Arrival and departure information
• Possibly encrypted credit card numbers and expiration dates

Marriott said it will begin emailing guests affected by the breach and has created an informational website.

Things to do immediately:  change your Marriott/Starwood password, and if you use that password elsewhere change it in those places as well…