The Starwood guest reservation was systematically hacked exposing about 500 million guest records.
The Starwood chain operates W Hotels, St. Regis, Sheraton Hotels and Resorts, Westin Hotels and Resorts, Element Hotels, Aloft Hotels,The Luxury Collection, Tribute Portfolio, Le Méridien Hotels and Resorts, Four Points by Sheraton and Design Hotels. Starwood branded timeshare properties are also included.
Marriott, the new owners of the Starwood Hotel chain, reports that about 500 million records from about 327 million guests are part of the data hack.
The good news, for Marriott, is that the attack began in2014 before it bought the Starwood Hotel Group in September 2016. It only discovered the extent of the breach in September 2018.
The bad news is that the data could include some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender,arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128) which is at risk if encryption keys have been stolen.
The geographic location of the Starwood hotels is unknown.
Marriott can only disclose that the guest reservation database hack so you must assume worldwide coverage. The dedicated call centre numbers are:
|United Arab Emirates||8000-3201-34|
+81 3 5423 6539
South Korea |
+81 3 4334 2202
+86 20 38157000
Marriott will inform affected guests where their Starwood email record is current.
What should you do if you think you may be at risk?
- Change all passwords, email or otherwise, associated with your hotel loyalty program accounts. If you have used that password on other accounts change that to – never re-use passwords.
- Use a combination of uppercase and lowercase letters, symbols, and numbers
- Monitor your financial accounts and report any suspicious activity.
- Beware of websites offering to check if you were affected by the breach, as it may be a trick to steal your personal information. Use Norton Safe Web, a free service to check a website’s reputation.