Marriott reservation system was hacked, affecting 500 million guests. What happened?

Marriott’s Starwood guest reservation system has been hacked, the hotel chain says.

If you stayed at a Marriott Starwood property anytime from 2014 through Sept. 10, 2018, you might be one of the “approximately 500 million” guests whose personal information has been exposed in the hack, according to a statement.

The company says the system was first accessed without authorization sometime in 2014.

Marriott reported the breach to authorities on Nov. 19.

“The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it,” the press release states. “On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.”

The data included passport numbers, emails and mailing addresses for about 327 million of the customers affected. For some of the approximately 500 million affected, the data exposed also included payment card details.

Read Next

The Starwood reservation database services a group of hotel chains Marriott purchased in 2016, according to CNN, including St. Regis, Sheraton, Westin and W Hotels.

Marriott did not say whether company representatives had learned who the hackers are. The hotel chain will begin sending emails on a rolling basis starting Nov. 30 to affected guests whose email addresses are in the Starwood guest reservation database.

The company has also created a website designed to answer questions of those who think their personal information was compromised in the hack.

“We deeply regret this incident happened,” said Arne Sorenson, Marriott’s president and chief executive officer. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

Marriott said up to 500 million accounts related to Starwood properties guest reservations were compromised in September. Body text goes here • Use option+8 to make bullets Source:, Marriott, YahooGraphic: Staff, TNS Website Number of accounts Top 20 previous hacks Compromised accounts ~500,000,000~500,000,000359,420,698164,611,595152,445,165 112,005,531 93,338,602 68,648,009 65,469,298 49,467,477 40,767,652 37,217,682 30,811,934 29,020,808 27,393,015 26,892,897 22,281,337 13,545,468 8,243,604 8,089,103 359,420,698 MySpace accounts 164,611,595 LinkedIn accounts 152,445,165 Adobe accounts 112,005,531 Badoo accounts 93,338,602 VK accounts 68,648,009 Dropbox accounts 65,469,298 tumblr accounts 49,467,477 iMesh accounts 40,767,652 Fling accounts 37,217,682 accounts 30,811,934 Ashley Madison accounts 29,020,808 Tianya accounts 27,393,015 accounts 26,892,897 Neopets accounts 22,281,337 R2Games accounts 13,545,468 000webhost accounts 8,243,604 Gamigo accounts 8,089,103 Heroes of Newerth accounts 7,196,890 Experian accounts 7,089,395 Lifeboat accounts MarriottYahooMySpaceLinkedInAdobeBadooVKDropboxtumblriMeshFlingLast.fmAshley MadisonTianyaMate1.comNeopetsR2Games000webhostGamigoHeroes of Newerth

Marriott’s stock price took a hit after the news broke, according to Bloomberg, dropping 6 percent in premarket trading Thursday.

Florida law firm Morgan & Morgan filed a class action lawsuit against Marriott Friday on behalf of those who suffered financially as a result of the hack.

“Large, sophisticated companies like Marriott are not blind to the risks posed by cyber-criminals, who are constantly attempting to infiltrate corporations that store sensitive consumer information,” John Yanchunis, a lawyer with Morgan & Morgan, said in an emailed statement. “The fact that a breach that began in 2014 and went undetected for four years is shocking and horrifying. When guests stay at hotels, they trust the hotel will provide adequate security — both physical and the protection of their private information. It appears that the trust 500 million people placed in Marriott/Starwood was violated — for nearly half a decade.”

Matt is an award-winning real time reporter and a University of Texas at Austin graduate who’s been based at the Fort Worth Star-Telegram since 2011. His regional focus is Texas, and that makes sense. He’s only lived there his whole life.