If you value your data privacy, Starwood Points might end up costing you more than they've saved.
Marriott International, Inc. disclosed a data breach of its Starwood guest reservation database on Friday. It estimates that the hack has affected 500 million customers, and acknowledged that the compromise had gone undetected for four years; hackers have had access to components of the database since 2014, and Marriott only became aware of any security issue in September 2018.
SEE ALSO:Facebook fined £500K for 'serious breaches' of data protection lawYep, that means somebody had four years of unfettered access to a massive database of world travelers and their personal and potentially financial information. It's one of the biggest breaches in history, behind Yahoo's 2013 email hack, which affected 3 billion users.
Marriott is still determining exactly what information was accessed. The Starwood database manages customer reservations for multiple hotels including W Hotels, St. Regis, Sheraton Hotels & Resorts
It believes that 327 million of those guests had personal information taken, including — but not limited to! — this fun list:
Name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
What hospitality!
The database had more intense encryption for financial information. But Marriott says that it is not ruling out the possibility that hackers had access to credit card data as well.
"There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken."
The breach for the remaining ~170 million affected customers "was limited to" names, as well as, "sometimes other data."
Some legal experts wonder when companies will realize that collecting this amount of data on their customers is more of a liability than it is a business opportunity. Some companies make money selling data. However, when those databases are breached, it can result in hefty fines and a lot of public ill will; Yahoo recently had to pay the SEC $35 million for a 2014 breach affecting 500 million users. Does that magic number sound familiar, Marriott?
Marriott has set up a dedicated website and call center to answer questions about the breach. They are providing a year of WebWatcher to customers who used Starwood between 2014 and September 2018, a service that provides an alert if your data shows up in hacker marketplaces.
Marriott says it "deeply regrets" the incident. But that sentiment isn't saving their customers' privacy, now is it.
TopicsCybersecurityPrivacy
(责任编辑:時尚)
Michael Phelps says goodbye to the pool with Olympic gold
'Peaky Blinders,' 'Project Runway' and more drop Weinstein credits
10 TV shows we're hyped about at New York Comic Con 2017
Sonos unveils the new Sonos One smart speaker with Alexa
'The Flying Bum' aircraft crashes during second test flight
Lindsay Lohan steps in to defend Harvey Weinstein on Instagram
South Korea takes cue from China, bans ICOs
A Virginia donut shop made Harry Potter Butterbeer doughnuts for all the poor muggles out there
Uber's $100M settlement over drivers as contractors may not be enough
South Korea takes cue from China, bans ICOs
The five guys who climbed Australia's highest mountain, in swimwear
'SNL' cold open has Mike Pence boycotting Starbucks on Trump's orders