The records of 500 million customers of the international hotel group Marriott have been released in a data breach.

The hotel chain has revealed that the guest reservation database of their Starwood division has been compromised by an unauthorized party. The database is believed to contain records of up to 500 million customers for reservations made on or before September 10, 2018.

Starwood Hotel Brands include:

  • W Hotels
  • Sheraton
  • Le Meridien
  • Four Points by Sheraton

For approximately 327 million guests, the information stolen included customer name, address, phone number, email address, passport number, account information, date of birth, gender and arrival/departure information. Some records included encrypted payment card information. At this time, authorities cannot guarantee that encryption keys have not also been stolen, meaning payment card information may also be compromised.

What Was Stolen:

  • Name
  • Address
  • Phone Number
  • Email Address
  • Passport Number
  • Account Information
  • Date of Birth
  • Gender
  • Arrival/Departure Information
  • Payment Card Information (Potentially)

Marriott was first alerted by an internal security tool that someone was trying to access the Starwood database. Upon investigation, it was discovered that the unauthorized party had copied and encrypted information, and had access to the Starwood network since 2014. Thus far the perpetrator(s) has not been identified.

The company intends to notify customers whose records were held in the compromised database. Marriott is also going to offer customers in the US and some other countries a year-long subscription to fraud-detection services. It is recommended that those who believe they may have been impacted by the breach monitor their bank statements closely in the following months.

Important Notice:

As with any data breach, scammers may send emails claiming to be from Marriott. The hotel has issued a statement that it will not send any notification emails with attachments and will not request ANY information from its customers via email.

What Next?

If you believe you may have been compromised, visit this website provided by Marriott for details:

This is a large-scale breach, but the fact of the matter is hackers don’t only target large companies. In fact, small and mid-sized businesses are often targeted MORE FREQUENTLY than larger corporations BECAUSE their size gives them a false sense of security. The truth is, NO BUSINESS IS TOO SMALL FOR A HACKER TO TARGET!

We cannot stress enough how vitally important it is to have robust cyber security measures in place on your business network. If you’d like to learn more about improving the cyber security of your business, contact PCI at 914-934-9775 or email We’ll be happy to help you.