500 million Marriott customers have had their data hacked after staying at hotels including W, Sheraton, and Westin
Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.
Marriott said that this credit card information was encrypted, but that it is possible that the hackers also took the information necessary to decrypt them.
For around 367 million of those affected, Marriott said, the information taken includes some combination of their name, mailing address, phone number, email address, passport number, date of birth, gender, and other information around their Starwood account.
The company determined on November 19 that there had been unauthorized access to the database, which contained information from guests who stayed in Starwood properties on or before September 10 of this year.
"Marriott reported this incident to law enforcement and continues to support their investigation. The company has already begun notifying regulatory authorities," the company said.
Arne Sorenson, Marriott's President and Chief Executive Officer, said: "We deeply regret this incident happened.
"We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward."