Today Marriott International announced it had discovered a data security incident involving its Starwood guest reservation database. The hotel group has detected unauthorised access to guest information relating to reservations at Starwood properties since 2014.
We take your security very seriously. We want to let you know that our team is already hard at work to identify whether any customers have been affected.If we have reason to believe that you may have been affected, then we will be contacting you shortly.
If you’re concerned because you may have made transactions with Marriott International, we recommend you use the customer support Marriott International has established. You can find more information on the website it has dedicated to this incident, which you can find here.
If you are notified by Marriott International that you have been affected by this breach, please forward this communication to our support team and we will issue you a new card for you for free.
As always, if you have any questions about this, our support team is here to help.
Marriott believes that this may have affected the information of up to 500 million guests who made a reservation at a Starwood property.
Starwood brands include: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. Starwood branded timeshare properties are also included.
The types of affected data include: name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, communication preferences – and most importantly, payment card numbers and expiration dates. Marriott is saying that payment card numbers were encrypted, but they also aren’t ruling out the possibility that the encryption method was compromised:
For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128). There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken.
However, we do know for a fact that all of our current active customers have cards issued after July 2017, when we migrated from Visa to Mastercard, so this would only affect customers with relevant transactions after this date.
We take your security very seriously, and we want to let you know that our team is already hard at work to identify whether any customers have been affected.
We will follow up with all our customers who we believe are affected by this. If you are among those affected, we may cancel and reissue your affected Monese cards – this would come at no expense to you - will however be in touch with you directly before we take this action.
Since other types of data have been potentially accessed (such as names and email addresses), we also recommend that you watch out for any potential phishing scams, spam emails, or any out of the ordinary communications.
Marriott says it has begun sending emails to affected guests whose email addresses are in the Starwood guest reservation database. They have also set up a dedicated call center to answer questions about this incident, which is open seven days a week and is available in multiple languages. If you receive any such communication from Marriott, please forward this to our support team and we will issue a new card for you for free.
Additionally, Marriott is providing its guests with a free year of ‘WebWatcher’. This is a tool that monitors sites where personal information is shared and alerts you if evidence of your personal information is found (however this will only be available to our UK customers).
Marriott International announced that passport details may have been compromised as part of this breach. Your passport details are incredibly sensitive. If Marriott confirms that your passport details have been affected, we recommend that you check with your passport issuer on the steps you should take next.
We take every step possible action to protect your financial details and this has always been central to our business operation.
We routinely take proactive measures to ensure that, as much as is possible, your data remains safe and secure. The security of our customers is of utmost importance to us and we will always work to protect you, your details and your finances.
Here are some tips for staying safe
Low-cost airline easyJet has revealed a cyber-attack where customers’ personal data has been exposed
Official pages and other things to check for when talking to our team