MANHATTAN — If you stayed in any number of popular Marriott-owned hotel chains within the last four years, your personal data may have been compromised.
The Starwood reservation system was hacked-- in what may be the second biggest breach in history. The information of up to 500-million people might have been exposed.
Though the damage is still being accessed, it may be the second biggest after Yahoo reported 3 billion accounts across several brands were breached in 2017.
The hotel hack went on for four years undetected— predating Marriott’s acquisition of Starwood hotel brands like the Westin and W-Hotels. The company said it only just found out about it last week.
“It’s terrifying this has lasted since 2014 undetected, and it just means the security and encryption that stores your information is not up to par,” said Fitech-Gelb security expert Noah Birnbaum.
The hackers got guest names, phone numbers e-mail addresses, passport numbers, birthdays, and even encrypted credit card information might have been compromised.
Birnbaum said the very fact that Marriott only encrypted part of that vital information is unacceptable.
“There’s advanced encryption which should go across the entire platform of personal information,” he said. “What Marriott and Starwood did that was only on the credit cards.”
Birnbaum advises those who think they have been impacted should watch their accounts and credit in the coming days— and look into subscription based-credit protection.
The New York Attorney General said she would investigate the breach and Marriott might face even bigger consequences in the Europeans Union. New laws in Europe lay out stiff punishments and standards designed to force companies to protect against this type of situation.
In a statement Marriott said:
"We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward,"
Marriott has setup a website for people affected by the data breach.