HOTEL CHAIN Marriott International has fessed up to a major security breach affecting some 500 million customers.
The hack, which could be the biggest since Yahoo's 2013 data breach that exposed data on all three billion of its users, saw the guest reservation database of its Starwood hotel brand compromised by an unauthorised party, Marriott said in a statement on Friday.
Worse yet, it noted that an internal investigation found an attacker had been able to access the Starwood network since 2014.
For about 327 million of the 500 million affected, the pilfered information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth and gender, among other personal details, Marriott said.
And for some, the information also includes payment card numbers and expiration dates, but those numbers were encrypted, the hotel chain said. However, it admitted that there are two components needed to decrypt the payment card numbers, and "at this point, Marriott has not been able to rule out the possibility that both were taken."
Arne Sorenson, CEO and President of Marriott, said: "We deeply regret this incident happened. We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward."
"Today, Marriott is reaffirming our commitment to our guests around the world. We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call centre.
"We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network."
The breach affects those who made a booking on or before 10 September 2018, Marriott said, adding that it will contact those who potentially had their data exposed.
The company added that it reported this incident to law enforcement, continues to support their investigation, and has already begun notifying regulatory authorities.