Marriott International announced today that it is the latest target of a data breach and that the information of up to 500 million guests may have been accessed by hackers through its Starwood reservations database. In 2016, Marriott bought Starwood properties, which include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels.

Key details about the breach:  

  • Information of customers who made reservations on or before Sept. 10, 2018, at a Starwood property may have been involved. Investigators believe hackers have had access to Marriott’s system since 2014.
  • Data mined from the hack included payment card numbers and payment card expiration dates. A statement from the company explained that a more advanced encryption method was used, requiring two components to decrypt the payment card numbers. However, Marriott warned that it is still investigating and cannot rule out the possibility that both components were taken.
  • Hackers also obtained other personal data about guests including names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest (“SPG”) account information, dates of birth, gender, arrival and departure information, reservation dates, and communication preferences.
  • Only guests using the Starwood reservation system were affected. Marriott uses a separate reservation system and is on a different network.
  • Marriott has established a website for more information about the database security incident.
  • Today, Marriott will begin emailing guests whose email addresses were in the Starwood guest reservation database. The email will come from the following email address: The email will not contain any attachments or request any personal information and any links will only take email recipients back to the web page dedicated to the incident.
  • Marriott warns SPG guests to monitor their SPG account for any suspicious activity and to review payment card account statements for unauthorized activity. Immediately report such activity to the bank that issued the card.
  • Be vigilant against third parties attempting to gather information by deception (commonly known as “phishing”), including through links to fake websites. Marriott will not ask you to provide your password by phone or email.
  • If you believe you are the victim of identity theft or your personal data has been misused, you should immediately contact your account provider and local law enforcement.

On Sept. 8, 2018, the company was alerted that an unauthorized attempt to access the Starwood Guest reservation database in the U.S. had occurred. Hackers encrypted the stolen information, most likely to prevent detection by data-loss prevention tools. The hotel giant wasn’t able to decrypt the stolen information until Nov. 19.

“Living in a digital society places consumers at a higher risk for identity theft, but companies are required to take specific measures to protect their customers’ data,” said Andrew Brashier, a lawyer in Beasley Allen’s Consumer Fraud Section. “Hackers are constantly figuring out new ways to gain access to personal information, so it is incumbent on vendors to stay equally aware and take new and more effective steps to better protect their customers’ data and privacy. Consumers who are victims of a data breach or identity theft should take immediate action to minimize the risk to their credit score and financial accounts.”

Beasley Allen attorneys are investigating reports of consumers affected by the Marriott International/Starwood data breach. If you receive notice that your data has been compromised, please contact Beasley Allen for a free consultation.

Washington Post
