If you stayed at one of the world's biggest hotel chains in the last four years, your personal data may have been hacked 2 weeks ago

If you stayed at one of the world's biggest hotel chains in the last four years, your personal data may have been hacked

The chain operates around 6,700 properties around the world.

Marriott Hotels have confirmed that over the last four years, as many as 500 million of their guests may have had their personal information released due to a massive data hack.

The hotel chain use a system called the Starwood guest reservation database, and it was this database that was discovered to have been hacked, dating back to all customers who stayed at a Marriott between 2014 and 2018.

As per the chain's official statement on the hack:

"Marriott has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property. For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest ("SPG") account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.

"For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128). There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken. For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information."

In Ireland, the Sheraton Athlone Hotel and The Westin Dublin are Starwood hotels, while worldwide the Starwood hotels include W Hotels, St Regis, Sheraton Hotels and Resorts, Westin Hotels and Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels and Resorts, Four Points by Sheraton and Design Hotels, as well as Starwood branded timeshare hotels.

Marriott have set up a website specifically to deal with this new breach, as well as helping customers to figure out whether or not they’ve been affected. The website includes a dedicated call center, as well as a one-year free subscription to WebWatcher, which monitors web activity where personal information is shared.