If you do not follow the instructions concerning our policy on external links
your submission will be sent to the spam folder.
For at least 327 million guests, the personal data accessed included name, mailing address, phone number, email address, passport number, birthday and gender.
And for some people, the information could also include credit card numbers and expiration dates.
Marriott said it will begin emailing guests affected by the breach and has created an informational website. There's also a call center that's been set up. The company said it's giving guests a free membership to WebWatcher, a personal information monitoring service.
It's also telling guests to monitor their loyalty accounts for suspicious activity, change their account passwords and check credit card statements for unauthorized activity.
Marriott’s statement indicates the hacking was going on years before the company acquired Starwood in a deal that closed in September 2016. Marriott’s database contained guest information relating to reservations at Starwood properties on or before Sept. 10, 2018. For some, it also included payment card details, said Marriott, which didn’t identify who the perpetrators might be.
Athough Marriott said the details such as credit card numbers were encrypted, it has not been able to rule out the possibility that enough details were taken in order to decrypt this information.
The company has reported the incident to law enforcement and continues to support their investigation, and has also begun notifying regulatory authorities.
If you feel you may have been affected, visit https://answers.kroll.com/ for more information