WASHINGTON — Marriott International, one of the world’s largest hotel chains, revealed Friday that its Starwood reservations database had been hacked and that the personal information of up to 500 million guests could have been stolen.
The data breach involved information mined from the database for Starwood properties, which include Sheraton, Westin and St. Regis hotels.
An unauthorized party had accessed the database since 2014, company officials said.
The breach included names, email addresses, passport numbers and payment information, according to the hotel giant.
“We deeply regret this incident happened,” Arne Sorenson, Marriott’s chief executive, said in a news release. “We fell short of what our guests deserve and what we expect of ourselves.
“We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
With the information of 500 million people having been compromised, Marriott’s breach is one of the biggest in history, second only to Yahoo’s breaches in 2013 and 2014, which affected three billion user accounts.
The suburban Bethesda, Md.-based company said that it reported the breach to law enforcement and is notifying regulatory authorities.
The hotel chain has set up a website and call center to answer questions at info.starwood.com, and it is emailing affected guests beginning Friday.
News of the breach sparked questions among cybersecurity experts about whether the hackers were criminals collecting data for identity theft or nation-state spies collecting information on travelers worldwide, including possibly diplomats, business people or intelligence officials as they moved around the globe.
Hotel chains, with their vast customer databases and proprietary Wi-Fi networks, likely make appealing targets.
“We know that the hospitality business is a very attractive target for nation states,” said Thomas Rid, a political-science professor at the Johns Hopkins School of Advanced International Studies who specializes in cybersecurity issues.
“You can more easily hack some high-value targets from within a hotel Wi-Fi.”
The company has more than 6,700 properties around the world.