Mariott Data Breach

From Privacy Wiki
Jump to navigation Jump to search
Mariott Data Breach
Short Title Mariott Data Breach Comrpomised the Personal Information of 500 Individuals
Location Global
Date 2014

Solove Harm Insecurity, Interrogation
Information Identifying, Contact, Account, Location, Demographic
Threat Actors Mariott International Inc., Hackers from China

Affected Guests of Mariott
High Risk Groups
Tangible Harms

In 2018 Mariott Hotels reservation system Starwood was found to be hacked. Nearly 500 million records of personal information of hotel guests were copied by an unauthorized party.


The reservation system Starwood, owned and used by hotel chain Mariott, was found to be hacked. The attack started in 2014 and went unnoticed for 4 years.

Among the compromised information were: names, addresses, phone numbers, birth dates, email addresses, and encrypted credit card details of hotel customers. The travel histories and passport numbers of a smaller group of guests were also taken. It affected nearly 500 million individuals.Insecurity

Another violation that can be identified here is Interrogation, as hackers' actions can be interpreted as probing for personal information through Starwood systems.

Mariott said nearly 5 million of passport numbers that were stolen, weren’t encrypted and stored in Starwood system in plain text. It wasn’t clear, however, why some numbers were encrypted and others weren’t.

The media reported that the attack was part of a Chinese intelligence-gathering effort that is also linked to the other attacks. China has denied any knowledge of the Marriott attack.

Mariott data breach was reported to be one of the largest loss of personal data in history, second only to a 2013 breach of Yahoo that affected three billion user accounts

Laws and Regulations