Skip to main content

Advertisement

Marriott's Starwood hack hits up to 500 million customers

By
Marriott's Starwood hack hits up to 500 million customers

(Reuters) - Marriott International Inc (MAR.O) said on Friday that hackers accessed up to 500 million customer records in its Starwood Hotels reservation system in an attack that began four years ago, exposing data including passport numbers and payment cards.

Shares were down 5.7 percent in late afternoon trade on news of the hack, one of the largest in history, which prompted regulators in Britain and at least five U.S. states to launch investigations.

The Federal Bureau of Investigation said it was looking into the attack on Starwood, whose brands include Sheraton, St. Regis, W and Westin hotels. It advised affected customers to check for identity fraud and report it to the bureau’s Internet Crime Complaint Center.

The hack began in 2014, a year before Marriott offered to buy Starwood to create the world’s largest hotel operator. The $13.6 billion deal closed in September 2016.

Some 327 million customer records containing information including passport details, birthdates, addresses, phone numbers and email addresses were exposed, according to the company.

The hackers also accessed payment card data for an undisclosed number of customers, the company said.

FILE PHOTO: Marriott Chief Executive Arne Sorenson speaks during an interview with Reuters in a hotel in Berlin, March 3, 2015. REUTERS/Fabrizio Bensch/File Photo

“What makes this serious is the number of people involved, the intimacy of the data that was taken and the long delay between the breach and discovery,” said Mark Rasch, a former U.S. federal cyber crimes prosecutor.

Some customers complained to Marriott on Twitter, where Starwood was among the top trending U.S. topics. They used terms including “duped,” “angry” and “merger disaster” to express frustration over the incident.

Attorneys filed a lawsuit in a Maryland federal court within hours of the disclosure which seeks class-action status for customers whose data was exposed in the breach.

The complaint accuses Marriott of negligence as well as deceptive and unfair trade practices and sought unspecified financial compensation for harm caused by exposure of their data.

The company said on its website that it learned of the breach on Sept. 8 when an internal security tool sent an alert about suspicious activity.

“We fell short of what our guests deserve,” Marriott Chief Executive Arne Sorenson said in a statement.

Slideshow (4 Images)

Attorneys general in Connecticut, Illinois, Massachusetts, New York and Pennsylvania said they would investigate the attack, as did the UK’s Information Commissioner’s Office.

“The public deserves to know how this happened,” Massachusetts Attorney General Maura Healey said in a statement.

Company representatives could not be reached to comment on the lawsuit, government investigations or to explain why it had taken so long to uncover and disclose the hack.

Marriott said on its website that it would inform affected guests about the breach starting on Friday, and that it had reported it to law enforcement and regulatory authorities.

The breach appeared to be the second-largest on record, based on records compromised, after one at Yahoo in 2013 that exposed all of its 3 billion user accounts. That incident cost $47 million in litigation expenses and prompted Verizon Communications Inc (VZ.N) to cut $350 million off the price it paid when it acquired most of Yahoo.

Marriott said it was too early to estimate the financial impact of the breach, though it would not affect its long-term financial health. The hotel chain said it was working with its insurance carriers to assess coverage.

Baird Equity Research said in a note to clients that breach-related costs, including legal fees, technical expenses and increased security, could force Marriott to delay the roll out of a new customer loyalty program planned for early 2019.

“Investor sentiment toward Marriott could remain somewhat negative in the near term until this security incident is fully resolved and its true financial impact is learned,” Baird said.

Retailers Target Corp (TGT.N) and Home Depot Inc (HD.N) each incurred costs of about $200 million after massive payment-card breaches in 2013 and 2014.

The Hyatt breach highlights the need for companies to pay close attention on cyber security when making acquisitions.

“Understanding the cybersecurity posture of an investment is critical to assessing the value of the investment and considering reputational, financial, and legal harm that could befall the company,” said Jake Olcott, a vice president with cybersecurity firm BitSight.

Reporting by Jim Finkle in New York, and Arjun Panchadar in Bengaluru; Additional reporting by Munsif Vengattil and John Benny in Bengaluru, Diane Bartz in Washington, Jonathan Stempel in New York; Editing by Anil D'Silva and Nick Zieminski

Our Standards:The Thomson Reuters Trust Principles.

Comments

Post a Comment

Facebook

Ads

Popular posts from this blog

Here's Why CBS' 'Clarice' Television Series Can't Mention Hannibal Lecter

By
Clarice is a new series coming to CBS in just a few months that will continue The Silence of the Lambs franchise. However, there’s one thing that the television series can’t do, and that’s mention anything about Hannibal Lecter. According to executive producer Alex Kurtzman , who spoke with Entertainment Weekly , the series can’t do this because the rights to author Thomas Harris ’ characters are actually divided between MGM and the Dino De Laurentiis Company. READ : CBS ‘Silence of the Lambs’ Sequel Series Finds Its Clarice! But, the CBS show will have all the other characters mentioned in the book, like Clarice Starling, her colleague Ardelia Mapp, Deputy Assistant Attorney General Paul Krendler, the late serial killer Buffalo Bill, and a few others. “I’m still trying to understand how the rights are divided,” Alex shared with the magazine about the legality of it all, but he’s okay with that too. Turns out that not having access to Hannibal hasn’t been limiting. “It’s bee...
Post a Comment
Read more

Sóller hike followed by a healthy vegan lunch

By
We got a group of friends together (of various ages and fitness levels) to hike around the hills surrounding the Mallorcan town of Sóller, in the northwest of the island. There are many quite easy trails but usually, it involves a bit of hiking up and downhill. We began our walk at the first roundabout after the tunnel and climbed for about 25 minutes uphill after that it was reasonably flat for the next hour or so. The final part was decent into the town of Sóller where we had booked a private vegan brunch for our group. Barbara and Martjin opened Ecocirer in March 2018 as a vegan hotel with 6 bedrooms in the town of Sóller. It is the ideal accommodation for a family celebration if you would like to enjoy healthy vegan food with plenty of activities to get you out into the beautiful nature surrounding the picturesque town. The expe...
Post a Comment
Read more

Jay Z Takes Aim at Donald Trump, Donald Sterling on Van Jones Show

By
Jay Z Takes Aim at 2 Donalds -- Trump and Sterling 1/28/2018 7:03 AM PST Jay Z thinks it was a huge setback for race relations when Donald Sterling was booted as owner of the Los Angeles Clippers because of his racist comments ... because it sends racists the wrong message. Jay appeared on Van Jones ' news CNN show Saturday night and explained his thoughts ... that when Sterling was thrown out of the franchise, it sent a message to racists to just continue that hateful thoughts, comments and actions on the QT.  Jay Z said, "Once you do that (boot him from the franchise), all the other closet racists just run back in the hole.  You haven't fixed anything.  What you've done was spray perfume on a trash can." [embedded content] The mogul also took aim at Trump in an interesting way, saying even if the African American community is benefiting economically now, saying, "Treat me really bad and pay me well.  It's not going to lead to happiness ... Ev...
Post a Comment
Read more