Credit card information continues to be vulnerable to theft by hackers, a fact confirmed by the latest massive data breach, announced by Marriott on Nov. 30. The largest hotel company in the world said its database of some 500 million guests at its Starwood hotels had been compromised by hackers who had access to the information between 2014 and September of 2018.
Marriott said information such as passport numbers, email and mailing addresses from 327 million customer accounts was potentially stolen. In some of the cases, the hotel chain said thieves may have made off with customer credit card information.
Starwood brands include: W hotels, Sheraton Hotels & Resorts, Westin, Four Points by Sheraton and others. Marriott acquired the Starwood hotels in 2016.
Marriott said much of the compromised information was encrypted but that it is possible the hackers were able to decrypt it.
On its website, Marriott said: “We moved quickly to contain the incident and conduct a thorough investigation.” The hotel company said it is answering breach-related questions through its website and call center. “We are supporting the efforts of law enforcement and working with leading security experts to improve. Marriott is also devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”
Marriott said it is in the process of notifying customers via email of the breach.
The incident goes down as one of the largest data breaches on record, behind breaches at Yahoo in 2013 and 2014 that affected as many as 3.5 billion people. In December of 2013, data for about 40 million customers of Target Corporation was accessed by hackers. The data included credit and debit card numbers. Hackers accessed the Target information through a third-party vendor. Target had to pay $18.5 million to settle investigations launched by several state authorities.