Marriott Hack Exposes up to 500 Million Customers

More than 300 million customers potentially had their passport information stolen, company says

Marriott announced on Friday that its Starwood reservation system was hacked, leaving up to 500 million customers vulnerable to having their personal data stolen — including their passport and credit card information.

About 327 million guests had some combination of their “name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure time, reservation date and communication preferences” taken, according to the international hotel group’s announcement. It’s unclear, according to Marriott, how many guests had their encrypted payment information hacked.

“We deeply regret this incident happened,” Arne Sorenson, Marriott’s president and chief executive officer, said in a statement.  “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

Marriott, which runs 6,700 hotels in 129 countries and territories, said it received an alert on Sept. 8 that hackers were attempting to access its security system. After an investigation, the company determined earlier this month its Starwood system had been breached — allowing hackers to access customer information as far back as 2014.

Marriott added it “recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it.”

The hotel chain’s stock dropped more than 5 percent to $115.42 per share on Friday morning.

This breach is far larger than the one that crippled Equifax last year, where more than 140 million customers had their information hacked, including their social security numbers. The hack cost the firm more than $400 million, Equifax announced earlier this year, following government investigation and civil lawsuits.