Marriott warns of hack. 500 million hotel guests' personal data could be exposed.

There’s bad news if you’re one of the millions of guests whose data was included on the Starwood guest reservation database.

According to the hotel group, the guest reservation database used for Starwood reservations has been accessed by hackers, exposing the private details of up to 500 million guests.

This includes those who have stayed at the following hotel chains: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton, and Design Hotels that participate in the Starwood Preferred Guest (SPG) program. Starwood branded timeshare properties are also included.

Note that it doesn’t matter if you are a Starwood Preferred Guest (SPG) member or not: if you made a reservation on or before September 10, 2018 for a Starwood property, Marriott believes the details you provided may have been compromised.

Marriott’s own-branded hotels use a separate reservation system that the company says is on a different network, and is not affected.

In an advisory published today (isn’t it funny how so many breaches are announced just before a weekend?), Marriott says it first received an alert about an attempt to access the Starwood database on September 8 2018.

During its subsequent investigation, Marriott discovered that there had been unauthorised access to the Starwood network since 2014. (Marriott acquired the Starwood Hotels group in 2016 for US $12.2 billion.)

At the start of last week – on November 19 2018 – Marriott was able to confirm that data had indeed been stolen from Starwood’s network, and issued its warning today.

Marriott says that it believes the stolen data contains information on “up to approximately 500 million guests who made a reservation at a Starwood property”.

“For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128). There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken. For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information.”

Even if the payment card information is not capable of being decrypted by the hackers, there is plenty of information there which scammers and fraudsters could exploit to their criminal advantage.

Marriott says it has informed law enforcement authorities about the incident, and will assist them in their investigations.

But many will also be wondering what this might mean in terms of GDPR, as there will be many people included in that database who were resident in the European Union.

GDPR, which came into force earlier this year, allows for fines of up to 20 million Euros or 4% of a company’s global annual turnover – whichever is higher.

Ouch. I wonder how Marriott’s share price is going to perform today?

If you’ve stayed at one of the hotel chains affected by this data breach, check out the FAQ from Marriott.

Readers with long memories may recall that Starwood and Marriott hotels have had their fair share of run-ins with cybercriminals in the past, but from the sound of things this data breach is on a much larger scale.

About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.
