If you made a reservation at a Starwood hotel on or before September 10, 2018, your personal data--including name, email, and credit card information--may be compromised.
Marriott said Friday it discovered a breach in its Starwood guest reservation database that could affect up to 500 million guests. For the majority of the affected guests--327 million--the stolen information includes some combination of name, mailing address, phone number, passport number, date of birth, gender, arrival and departure dates, and Starwood rewards program information. Hackers also got away with credit card numbers and expiration dates for some of these guests, though Marriott did not specify how many. For the remaining guests, exposed information was limited to name and mailing address, email address, "or other information," Marriott said. Hackers have had access to the information since 2014, according to the company, which is still investigating the incident.
"Marriott recently discovered that an unauthorized party had copied and encrypted information, and took steps toward removing it," the hotel chain said in a statement, adding that it deeply regretted it happened. "Marriott is working hard to ensure our guests have answers to questions about their personal information with a dedicated website and call center."
As for the credit card information, Marriott says that it was encrypted with a system that requires two components to decrypt it. The hotel chain admitted, however, that it could not "rule out the possibility that both were taken." Marriott has already notified law enforcement and started alerting affected guests via email. The hotel chain will provide a free one-year subscription to WebWatcher, a security monitoring service, to affected individuals in the U.S., Canada, and the U.K.
For more information about how to contact Marriott and enroll in WebWatcher, check out this website.