Skip to main content
  1. Home
  2. Business
  3. News

Marriott asking guests for data to see if they were victims of the Starwood hack

By

Marriott is now offering an easy way to confirm if your personal details were stolen in the massive Starwood hack that was revealed by the hotel giant in November 2018.

Guests who suspect their data may have been involved are being asked to fill out an online form, which will allow the company to make an accurate check. But the company is unable to say how long it will take to respond, saying only that it will reply “as soon as reasonably practicable and consistent with applicable law.”

Recommended Videos

Yes, it is rather ironic that you have to submit personal data to find out if your personal data was stolen. But if you feel you can still trust the company to handle your data in a secure manner, then the process has the potential to offer peace of mind about whether or not your details were caught up in the hack.

Related: 
The 8 best TVs for gaming in 2025, as vetted by our experts

The damaging security breach, which was first reported in November last year, affected accounts that had used Starwood’s guest reservation database between 2014 and September 10, 2018.

The hack shocked many not only for its size, but also for the wide variety of data taken. The initial announcement suggested as many as 500 million guests were involved, with lifted information including a combination of name, address, date of birth, gender, phone number, email address, passport number, Starwood Preferred Guest account information, arrival and departure information, reservation date, and encrypted payment card numbers.

Having now removed duplicate records, Marriott announced in recent days that it’s been able to identify “approximately 383 million records as the upper boundary for the total number of guest records that were involved in the incident.”

It added that this doesn’t necessarily mean that 383 million unique guests were involved, “as in many instances, there appear to be multiple records for the same guest.”

What it can now say, with a fair degree of certainty, is that the stolen records included around 8.6 million unique payment card numbers, all of which were encrypted. Some 5.25 million unique unencrypted passport numbers and approximately 20.3 million encrypted passport numbers were also nabbed in the breach.

For the latest information on the hack, visit Marriott’s special webpage. Mention of the online form can be found at the top of the FAQs, under the question: “Was my information involved in the incident?”

Marriott acquired Starwood in September 2016 in a deal worth around $13.6 billion. Starwood brands include the likes of Le Meridien, Sheraton, St. Regis, Westin, and W Hotels, among others.

Trevor Mogg
Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Topics

Editors’ Recommendations

Here’s the major mistake one LAPSUS$ hacking victim made
A digital depiction of a laptop being hacked by a hacker.

Digital security authentication company Okta raised eyebrows when it confirmed it was targeted by Microsoft and Nvidia hackers, LAPSUS$, around two months after the breach occurred.

The wait between the initial period of the cyber security incident and the official acknowledgment of the hack caused serious concern among security researchers and the technology community. Now, Okta has published an FAQ regarding the situation where it admits the firm made a mistake.

Read more
Tesla factories’ security cameras caught up in wider hack
Tesla Gigafactory

 

A Silicon Valley startup offering cloud-based security camera services has had its systems breached in an attack that gave hackers access to numerous live feeds, some of them coming from Tesla factories.

Read more
Dashlane simplifies digital credential management for people, teams and businesses
Dashlane credential management tool for teams featured image

Have you ever considered a credential management tool for your team or business? Allow me to explain. When it comes to digital and online safety, something you hear often is never to share your credentials, account details, or passwords with anyone. You're not supposed to share account details or passwords, even with people you know well. That's not necessarily because they can't be trusted, it's more that you never know how someone else will handle your sensitive information. If they stow it somewhere easily accessible, like in a plain text document on their desktop, it weakens your security and makes your accounts more vulnerable. Plus, there’s no telling who they’ll share that information with.

Keeping your logins to yourself is also how you’re advised to protect professional or business accounts in the workplace. But it makes things more difficult, especially when you’re working with a team. Sometimes, you need tool or platform logins to be available to everyone. There is a much better way to administrate password sharing, and most importantly, it doesn’t compromise security. The answer is a digital credential management tool like Dashlane.

Read more