Marriott investigating hack involving 500 million guests
Marriott International announced Friday that is investigating a hack to its Starwood Hotels reservation database that potentially allowed access to personal information on about 500 million guests.
Marriott said that they were alerted about the breach by an internal security tool on Sept. 8 2018, which revealed there had been unauthorized access to the Starwood network since 2014, according to a statement on their website.
The hack could have exposed “information on up to approximately 500 million guests who made a reservation at a Starwood property,” Marriott said.
Marriott, which acquired Starwood in 2016, said it has reported the hack to law enforcement and is supporting their investigation.
The hotel chain will also email the affected guests on Friday.
A representative from Marriott declined The Hill’s request to comment beyond the statement.
New York state Attorney General Barbara Underwood (D) said her office is opening an investigation into the breach.
“We’ve opened an investigation into the Marriott data breach,” she tweeted. “New Yorkers deserve to know that their personal information will be protected.”
Shares of the company fell nearly 6 percent in pre-market trading Friday.
If initial estimates are correct, this could be the second largest hack of a company by number affected after Yahoo’s 2013 security breach that reached 3 billion users.
Michael Daly, the CTO of Raytheon Intelligence’s cybersecurity division, said that the breach is not just a concern for those affected, but for the nation’s security.
“This is much more than a consumer data breach,” he said. “When you think of this from an intelligence gathering standpoint it is illuminating the patterns of life of global political and business leaders including who they traveled with when and where. That is incredibly efficient reconnaissance gathering and elevates this breach to a national security problem.”
Updated at 10:52 a.m.
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.