If you’ve stayed at a Starwood hotel in the past few years, it’s time to buy some credit monitoring. The Marriott International-owned hotel brand has reported a massive hack that saw the details of over 500 million customers accessed by an unauthorized party.
The hotel chain says that the attackers have been able to access the company’s internal network — including the guest reservation database — since 2014.
For 327 million unlucky customers, the data accessed includes sensitive personal information like address details and passport numbers.
Marriott International, which acquired Starwood in 2016, says the information also contains payment card information,. This was saved in an encrypted form, but the firm could not rule out the possibility that the hackers had also made off with the encryption keys.
In a statement, the company apologized for the incident, and said it has reported the incident to the relevant law enforcement and regulatory authorities.
Commenting on the hack, Tom van de Wiele, security consultant at F-Secure, bemoaned the fact that it took Marriott over four years to detect the breach.
“The most disappointing part of this hack is the fact that the amount of data stolen is one of the bigger ones of the last few years and further made worse by the fact that the compromise had been going on for at least four years according to several online publications. This indicates that as far as security monitoring and being able to respond in a timely and adequate fashion, Marriott had severe challenges being able to live up to its mission statement of keeping customer data safe,” he said.
Security experts are recommending that Starwood customers contact their banks for a replacement credit card, and to start monitoring their credit history for fraud.
“Although it might be a nuisance, affected customers should contact their credit card company to disable their compromised card, create a new account and order a replacement. By now, I am sure we have all had to do this. In addition, those people will need to begin (or continue) monitoring their credit history,” said Bill Evans, senior director at One Identity.
Fortunately, for customers in the UK, Canada, and the United States, there’s some good news on that front. Marriott is offering a year’s subscription to the WebWatcher fraud protection service. To find out how to sign up, click here.