Marriott has revealed that unauthorized access to the Starwood reservation system has been detected and that up to 500 million guests who made a reservation at Starwood properties on or before September 10, 2018 have had their information accessed. For roughly 327 million guests this information includes: name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. It also includes encrypted payment card numbers and payment card expiration dates and Marriott has been unable to determine if the keys needed to decrypt this information has been stolen as well. For the remaining guests information accessed is limited to name, e-mail address and other information.
We’ve said this before, but until the penalties for data breaches are increased they will continue to happen at an alarming rate. It’s clear that corporations are not investing enough resources to keep personal and payment data secure, the penalties for having data breaches is not equal with the damage that can be done when somebody has their identity or payment details stolen.
