The Marriott Group have released a statement regarding a significant data security incident involving their Starwood Guest Reservation database.
An investigation undertaken by Marriott in September 2018 determined that there had been unauthorised access to the database, which contained guest information relating to reservations at Starwood properties since 2014.
‘The guest information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128).’
Affected hotel brands include: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. Timeshare properties are also impacted.