A booking database at Starwood Hotels, a subsidiary of the Marriott hotel chain, was targeted by a cyber attack that could affect up to 500 million people, writes The Independent.
Personal information that has been used to book rooms at Starwood properties of the Marriott hotel chain has been accessed by unauthorized people. All Starwood brands were affected by data theft, among them: Sheraton, W Hotels, St. Regis, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. The cyber attack targeted people on their credit cards that could be used to steal money, Marriott warned. Sensitive information was protected so that it could not be read even if people had access to the database. But the attackers could also steal the codes needed to decrypt the data and read it, Marriott informed.
“We regret that this incident has occurred. We did not offer the guests what they deserved and we disappointed ourselves. We are doing everything we can to support our guests and we use this lesson to make things better in the future, “said Arne Sorenson, President of Marriott. “Today, Marriott reaffirms its commitment to our guests around the world. We work hard to make sure our guests have answers to questions about their personal information, having a dedicated website and a line where they can call. We will continue to support the efforts of the authorities and work with security experts to improve ourselves. Finally, we allocate resources to speed up security improvements in our network, “she added. Marriott was alerted to a possible attack for the first time in September. Then the hotel communicated, a person trying to access the database was found.
Later, it was discovered that more people had accessed the database since 2014 and copied the information. The company said it had informed the authorities and worked with them on the investigation. Relevant authorities have also been announced to regulate such incidents. In Europe, they can impose substantial fines for such attacks, according to the new rules on personal data protection. Also, customers received free access for one year to a monitoring service to see if their personal information was accessed by unauthorized people on the internet. Marriott bought the Starwood hotel chain in 2016.