
Audio By Carbonatix
The hotel chain said the guest reservation database of its Starwood division had been compromised by an unauthorised party.
It said an internal investigation found an attacker had been able to access the Starwood network since 2014.
The company said it would notify customers whose records were in the database.
Marriott International bought Starwood in 2016, creating the largest hotel chain in the world with more than 5,800 properties.
Starwood's hotel brands include W Hotels, Sheraton, Le Méridien and Four Points by Sheraton. Marriott-branded hotels use a separate reservation system on a different network.
Marriott said it was alerted by an internal security tool that somebody was attempting to access the Starwood database. After investigating, it discovered that an "unauthorised party had copied and encrypted information".
It said it believed its database contained records of up to 500 million customers.
For about 327 million guests, the information included "some combination" of:
- name
- address
- phone number
- email address
- passport number
- account information
- date of birth
- gender
- arrival and departure information
It said some records also included encrypted payment card information, but it could not rule out the possibility that the encryption keys had also been stolen.
"We deeply regret this incident happened," the company said in a statement.
"Marriott reported this incident to law enforcement and continues to support their investigation. The company has already begun notifying regulatory authorities."
The company has set up a website to give affected customers more information. It will also offer customers in the US and some other countries a year-long subscription to a fraud-detecting service.
In a statement, the UK's Information Commissioner's Office said: "We have received a data breach report from Marriott involving its Starwood Hotels and will be making enquiries. If anyone has concerns about how their data has been handled they can report these concerns to us."
What should I do if I'm affected?
The Marriott group said it would contact affected customers whose email addresses were in the Starwood reservation database.
The database contained details of reservations made on or before 10 September 2018.
The company has set up a dedicated help website for those affected and is also operating a free helpline. For UK customers the number is 0808 189 1065.
Marriott is not certain whether the attackers were able to obtain payment information, so be aware of any suspicious transactions on your account.
Also be aware that scammers may be sending out mass emails pretending to represent the Marriott group.
The company says it will not include attachments in its notification emails and will not ask for personal information over email. If in doubt, call the helpline.
The company is offering affected customers a year-long subscription to a fraud-checking service.
Latest Stories
-
China-Ghana friendship built on strong historical ties, mutual trust – Ambassador
17 minutes -
Hohoe MP cuts sod for construction of bridges in constituency
21 minutes -
Treasury bill rates edge up in latest BoG auction
24 minutes -
Ghanaian students abroad to hold global forum on national development
28 minutes -
Alcohol, drugs are not the solution to stress – doctors caution
32 minutes -
TWMA urges youth to avoid drugs during Homowo celebrations
37 minutes -
UBIDS School of Law among 19 schools to run one-year pre-bar course
41 minutes -
Opoku-Agyemang receives update on Ghana National Research Fund
45 minutes -
Mahama underscores importance of faith
50 minutes -
Government allocates ¢100m annually for special needs education
56 minutes -
Sri Lanka prison riots leave 26 dead and more than 100 injured
58 minutes -
China sentences official to death for taking $325m in bribes
1 hour -
Ecobank joins The Build Project as official financing partner
1 hour -
Why some Ghana and other African nations are turning down Trump aid money
1 hour -
An open letter to the President: The excavators are back…
1 hour