As many as 500 million guests may potentially have had their personal information exposed in an illegal hack of its Starwood database that began since 2014, Marriott International announced on Friday.
The company said in a statement that for 327 million guests, personal information compromised could include some combination of name, mailing address, phone number, email address, passport number, date of birth and Starwood Preferred Guest account information among other personal details.
For others, the information could include credit card numbers and expiration dates, but those numbers were encrypted, the hotel chain said.
There are two components needed to decrypt the payment card numbers, and at this point, Marriott said it has not been able to rule out the possibility that both were stolen.
Marriott said it learned about the breach after an internal security tool sent an alert on September 8. That was when a probe was launched and the unauthorised access discovered. It was only on November 19 that Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.
The incident has already been reported to law enforcement, and the company has also notified regulatory authorities.
The hospitality giant said that it has been sending emails to affected guests beginning Friday.
Properties under Starwood include Sheraton, Westin, W Hotels, St Regis, Four Points, Aloft, Le Méridien, Tribute, Design Hotels, Elements and the Luxury Collection.
“We deeply regret this incident happened,” said Arne Sorenson, Marriott’s president and CEO. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
Sorenson added that resources will be devoted to phase out Starwood systems, and accelerate the ongoing security enhancements to the Marriott network.
Marriott bought Starwood in 2016 for US$13 billion, and 30 hotel brands currently fall under the Marriott umbrella. It is the largest hotel chain in the world with more than 6,700 properties in 129 countries and territories.