Marriott's Starwood Hotels Reports Massive Data Breach

November 30, 2018 - 7:21 am

BETHESDA, Md. (AP) -- The information of as many as 500 million people staying at Starwood hotels has been compromised and Marriott says it's uncovered unauthorized access that's been taking place within its Starwood network since 2014.
The company said Friday that credit card numbers and expirations dates of some guests may have been taken.

Marriott said that there was a breach of its database in September, which had guest information related to reservations at Starwood properties on or before Sept. 10.
Marriott discovered through the investigation that someone copied and encrypted guest information, and was trying to remove it.

Marriott has set up a website and call center for anyone who thinks that they are at risk, and on Friday will begin sending emails to those affected.

Brian Jones, who was staying at the W Hotel in Brooklyn, took the news in stride.

"Well, if it does, then I'll call the credit card company and we'll cancel the service, and then off we go, right? Just another say. Kinda keep going, but that's the world we live in, right?" he said.

But Ralph Bottoms of Miami called it "outlandish."

"It's crazy, it's crazy. They need to have more security than that," Bottoms said.

New York's Attorney General said they have opened an investigation into the data breach.

"New Yorkers deserve to know that their personal information will be protected," Barbara Underwood said.

Congress is calling for tigther data security in wake of the breach.

"What we need is a very aggressive and protective measure that safeguards this kind of private data that is in the hands of big corporations, like Marriott, they hold it in trust from hundreds of millions of customers and it can be very significant, personal and financial information that puts these customers at serious risk of identity theft and other grave damage," Connecticut Sen. Richard Blumenthal, who sits on the Senate Commerce Committee, told WCBS 880's Steve Scott. "We need more privacy, protection and penalties for violating that trust."

Blumethal said he is working on a bipartisan bill with U.S. Sen. Jerry Moran (R-Kansas) on a broad privacy protection measure that will relate to "all the information that is taken from Americans or they surrender" to big organizations, health insurers, universities and other establishments.

"Congress must move forward to end this cycle of broken promises. We have to set clear consumer data protection standards for all companies," Blumenthal said.

Marriott's revelation that as many as 500 million guests may have been affected by a data breach at Starwood hotels, which it bought two years ago, ranks among the largest hacks ever. It is not clear if some of those included in the final tally are individuals who were counted during every stay. 
For comparison, here are some of the worst data breaches in history:
Yahoo, by far, takes the prize for worst data breach, with a 2013 hack affecting 3 billion users. 
EBay asked all of its 145 million active users in 2014 to change their passwords as a precautionary measure because of a hack into personal information. The company was not sure how many people were actually affected by the breach.
Equifax suffered a breach in 2017 that affected about 148 million people. It discovered the hack in July of 2017, but didn't disclose it until September 7. 
In 2014, 83 million accounts were compromised at JPMorgan Chase.
Insurer Anthem suffered a hack in 2015 that may have compromised records for nearly 80 million people.
In 2013, Target was attacked by hackers, affecting 41 million people.

(© 2018 WCBS 880. The Associated Press contributed to this report)