Marriott has released an update on the breach of the Starwood guest reservation data breach which affected 500 million guests.
When investigating the incident, Marriott learned that there had been unauthorised access to the Starwood network since 2014.
It discovered that an unauthorised party had copied and encrypted information, and took steps towards removing it.
On November 19, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.
The breach, reported on December 3, included some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
Dedicated call centre
Marriott has set up a dedicated website and call centre to answer its customers’ questions about their personal information and the data breach.
The call centre is available in multiple languages and Marriott warned that they would be likely to experience high call volumes initially.
Marriott also reported that it began sending emails on a rolling basis on November 30 to affected guests whose email addresses are in the Starwood guest reservation database.
Free identity monitoring
In certain countries and regions, Marriott is offering affected guests the opportunity to enrol in a personal information monitoring service free of charge for one year.
This will be provided by Experian, a global data and information service provider.
This service (IdentityWorks Global Internet Surveillance) is available to residents of Australia, Brazil, Germany, Hong Kong, India, Ireland, Italy, Mexico, New Zealand, Poland, Singapore, Spain and the Netherlands.
IdentityWorks Global Internet Surveillance monitors whether a user’s personal data is available on public websites, chat rooms, blogs, and non-public places on the internet where data can be compromised, such as "dark web" sites, and generates an alert to if evidence of their personal information is found.
This is an optional service, and how much information users want to include in the identity monitoring is completely at their discretion.
Starwood properties impacted include:
At the time of the disclosure, Marriott president and chief executive officer Arne Sorenson said, “We deeply regret this incident happened.”
“We fell short of what our guests deserve and what we expect of ourselves.
“We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”