Marriott Starwood hotel data breach FAQ: What 500 million hacked guests need to know

Here's everything you need to know.

It’s been a couple of months since a major company unveiled a data breach that affected millions of people, so it’s time for a new one. The Marriott hotel chain has announced a major database breach that could affect anyone who stayed at its 6,700 worldwide Starwood hotel properties since 2014—up to 500 million people in total.

That’s a lot of people and a long stretch of time, so check out our FAQ for all of the information:

What happened?

Marriott says it received an alert from an internal security tool on September 8 warning of an attempt to access the Starwood guest reservation database in the United States. In its investigation of the incident, Marriott learned that an unauthorized party gained access to the company’s customer database and “copied and encrypted information, and took steps toward removing it.”

How did the hackers get in?

Marriott isn’t being totally clear here, but it appears as though this wasn’t the usual exploit of a vulnerability. Rather, someone without the proper credentials was able to access the Marriott reservation database to make a duplicate encrypted copy of customer information, which was then presumably taken outside the system.

How far back does the breach go?

Marriott says the unauthorized access goes back to 2014.

Why wasn’t Marriott alerted sooner?

Also unclear, but perhaps the unauthorized party only recently started accessing the system. Or possibly Marriott recently installed new security software that was able to detect the access.

Why are we just hearing about it now?

Marriott says it was only able to decrypt the files on November 19, and is still working to uncover the scope of the breach.

What was stolen?

Marriott is still sorting through the data it was able to recover, but for most customers, the following data may have been stolen: name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, and arrival and departure information, along with reservation dates and communication preferences.

What about credit card information?

For some users, Marriott says payment card numbers and payment card expiration dates were included in the stolen data, but card numbers were encrypted using the Advanced Encryption Standard (AES-128).

So my credit card is safe?

Possibly not. As Marriott explains: “There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken.”

What about my SPG points?

Marriott says there is no evidence that any loyalty points were obtained, but you should check your account for any suspicious activity.

Has the breach been stopped?

Presumably, but Marriott doesn’t explicitly say whether the unauthorized access has been shut down. However, the chain is working with law enforcement agencies and regulatory authorities, so the likelihood of a continued breach is extremely low.

What is Marriott doing to stop future breaches?

Again, it’s not totally clear if the hacker exploited a vulnerability or merely used an unauthorized password, but Marriott says it is devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to its network.

How do I know if my data was accessed?

Marriott began sending emails on a rolling basis on November 30 to affected guests, so be sure to check your spam folder if you haven’t received one.

What can I do if I was affected?

Marriott has set up a dedicated call center to answer any questions you may have. U.S. customers can call 877-273-9481 seven days a week to reach a representative.

Should I change my password?

Marriott hasn’t said whether any accounts were accessed or passwords stolen, but it certainly can’t hurt. But this was a breach of the company’s internal database of hotel guests, not online accounts.

Should I cancel my credit card?

Also not a bad idea. If you know the credit card or cards that are on file with Marriott or Starwood hotels, cancelling them now is the best way to prevent any future malfeasance.

What else can I do?

Marriott is providing all guests in the U.S., Canada, and the UK with the opportunity to enroll in Kroll’s Web Watcher Monitoring Service, which tracks sites where personal information is shared and alerts you if evidence of your personal information is found.

Michael Simon

PC World (US online)