On November 30, it was revealed that up to 500 million customers of the largest hotel group in the world have had their sensitive personal information hacked, including passport numbers, credit card details, and addresses. This makes it one of the largest corporate hacks in history.
It comes only recently after news that millions of Radisson Hotel Group customers information had also been stolen. This most recent hack however is much larger in scale, affecting a hotel group which owns up to 6,700 establishments across 129 countries. The affected hotels include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels.
Since this disconcerting revelation it has been found that “unauthorized access” to the database traces all the way back to 2014, leading to questions as to why the infringements were not detected much sooner. Marriott Chief Executive Arne Sorenson said: “We are doing everything we can to support our guests, and using lessons learned to be better moving forward.” Marriott has since created a website for the purpose of providing customers with more information and are offering a free year-long subscription to a fraud prevention service run by security firm Kroll. If you think you may have been affected you can find out more here.
Within hours of the news, Marriott received a number of lawsuits, with one plaintiff demanding $12.5 billion in costs and losses. In a statement to Gizmodo, law firm Morgan & Morgan said: “The fact that a breach that began in 2014 went undetected for four years is shocking and horrifying.” This is a now common course of action following a corporate data breach, witnessed in recent financial settlements made by Yahoo! and Uber.