Personal data on up to half a billion guests have been stolen by unknown hackers who breached the reservations database for Starwood hotels, one of Marriott’s subsidiaries, agencies report.
New York’s attorney general Barbara Underwood launched an investigation on Friday into the breach which included names, email addresses, passport numbers and even some credit card details of at least 37 million customers.
Marriott fears hackers might be able to decode the encrypted credit card data. It has contacted all customers whose data were stolen and expressed regret over the incident.
One of the world’s largest hotel chains, Marriott received an alert from an internal tool about a possible attempt to hack its database in September. Investigators discovered early last month that an unauthorised party had copied and encrypted information, and took steps towards removing it. They found that the hackers were having access to Starwood network since 2014 and were targeting its reservations database.
Marriott purchased Starwood in 2016 and the hacking went on unnoticed.
The Starwood IT system will be discontinued in the light of the massive data theft.
Starwood operates hotels under various names such as W Hotels, St. Regis (above), Sheraton Hotels & Resorts and Westin Hotels & Resorts.
The data theft at Starwood is one of the worst in recent years.
In 2013, hackers gained access to data on all of Yahoo’s three billion customers.
The same year, they targeted the cash register systems of Target, a US department store chain, exposing the credit card data of 110 million customers.
In May 2014, eBay found that hackers had accessed the data of about 145 million customers, including email and residential addresses, as well as login information.