Marriott Hit By One of the Biggest Hacks in History

Info like credit card numbers, passport numbers, and emails may have been compromised.
Info like credit card numbers, passport numbers, and emails may have been compromised.

Marriott announced on Friday that a hack has exposed information from as many as 500 million guests.

In 327 million of those cases, information like mailing addresses, phone numbers, birth dates, gender, reservation data, passport numbers, and email addresses were compromised. In millions of other cases, credit numbers and expiration dates may have been exposed.

The initial hack took place in 2014. An internal security tool notified Marriot personnel of suspicious activity in September of this year, though the hotel giant claims that it only found the breach last week.

“Marriott deeply regrets this incident happened,” the company noted in a statement. “From the start, we moved quickly to contain the incident and conduct a thorough investigation with the assistance of leading security experts.”

Marriott says that the breach affected its Starwood hotels, a group which it acquired in 2016. The Starwood hotels include brands like Sheraton, St. Regis, Westin, Element, W Hotels, Four Points, Aloft, The Luxury Collection, and Le Méridien.

Marriott has set up a call center and website to help customers deal with the breach and has been sending emails to the people affected. The company is also working with law enforcement to investigate the hack. It is distributing free WebWatcher services for a year to alert customers if their personal information is located on a suspicious third-party site.

CNN reports that Marriott may have to pay a heavy fine under the General Data Protection Regulation since some of its customers hail from the United Kingdom and the European Union. The company’s shares fell almost 6 percent before the opening bell.

This breach is one of the largest ever to affect a corporation. The Equifax breach from 2017 exposed 145.5 million people, while a Target hack compromised information from more than 60 million customers. These incidents still don’t come close to the Yahoo breaches in 2013 and 2014, which affected 3 billion accounts.