2018 Marriott Breach
| 2018 Marriott Breach | |
|---|---|
| Short Title | Marriott Data Breach 2018 |
| Location | Global |
| Date | November 30, 2018 |
| Solove Harm | Information Collection, Information Processing, Information Dissemination, Invasion |
| Information | Names, addresses, passport numbers, email addresses, payment card information |
| Threat Actors | Unidentified hackers |
| Individuals | |
| Affected | Approximately 500 million Marriott customers who had stayed at Starwood hotels and resorts |
| High Risk Groups | Individuals who had sensitive personal information exposed |
| Tangible Harms | Potential for identity theft, financial fraud |
A security breach impacting Marriott International's Starwood guest reservation database was disclosed in November 2018. About 500 million customers' personal information, including names, addresses, passport numbers, email addresses, and some payment card information, was exposed as a result of the breach, which has been going on since 2014. Unknown hackers were responsible for the intrusion. Investigations under the GDPR and different state data breach notification regulations in the US resulted from it. Along with the reputational impact to Marriott, the incident could have led to financial fraud and identity theft.
Description
A notable security event in 2018 involving millions of guests who had been at Starwood hotels and resorts was the Marriott data leak. Unauthorized access and capture of personal data, including delicate information like passport numbers, occurred during the hack. The incident made the affected people worried about money fraud and identity theft. Under GDPR and numerous state data breach notification regulations in the United States, Marriott was subject to legal investigation. Both normative harms—such as invasion of privacy and interference with decision-making—and concrete harms—potential financial losses and harm to Marriott's reputation—were caused by the incident.