Home of internet privacy

Marriott loses the data of half a billion customers

This post was originally published on December 7, 2018.

Have you traveled for work or pleasure at any point in the past four years? If yes, you could be one of a staggering number of people who have had their information stolen in a data breach affecting a slew of popular hotel chains.

Up to 500 million people have had their personal data stolen from the Marriott International hotel group, which includes the W, Westin, Le Méridien, Sheraton, and Marriott chains. The breach compromised the data of guest information such as names, credit card details, passport numbers, and dates of birth.

An open source of data since 2014

Marriott first spotted the breach in a guest reservation database on September 8, 2018. An investigation into the matter revealed that unauthorized access to the network had been occurring since 2014.

Furthermore, although the hotel chain’s system encrypted all credit card information by default, Marriott cannot confirm if hackers also managed to steal the keys required to crack the encryption.

The scale of the data breach, combined with the fact it remained unresolved for four years, is likely to attract the attention of the EU and the General Data Protection Regulation (GDPR), which will result in a hefty fine for Marriott.

Another day, another data breach

This is not the first time that a company has lost customer data, and it won’t be the last. In recent years, giants like Yahoo!, Google, and Equifax have all been victim to hacks and huge data losses.

It’s time companies stepped up their game and lay down some security foundations to protect their customers.