Marriott at the moment is offering an replace on the variety of friends whose passport numbers and fee card numbers had been concerned within the Starwood reservations database safety incident introduced by the corporate on November 30, 2018.
Working carefully with its inside and exterior forensics and analytics investigation group, Marriott decided that the full variety of visitor data concerned on this incident is lower than the preliminary disclosure. Additionally, the variety of fee playing cards and passport numbers concerned is a comparatively small share of the general complete data concerned.
“We need to present our prospects and companions with updates primarily based on our ongoing work to handle this incident as we attempt to perceive as a lot as we probably can about what occurred,” stated Arne Sorenson, Marriott’s President and Chief Government Officer. “As we close to the tip of the cyber forensics and knowledge analytics work, we are going to proceed to work onerous to handle our prospects’ considerations and meet the usual of excellence our prospects deserve and count on from Marriott.”
Marriott is updating its press launch of November 30, 2018, which introduced that the corporate decided on November 19, 2018 that there was unauthorized entry to a Starwood visitor reservations database. In that launch, the corporate stated that it believed the incident concerned details about as much as roughly 500 million friends who made a reservation at a Starwood property* on or earlier than September 10, 2018, though at that time the corporate had not accomplished the analytics work to determine duplicative data.
Replace on the Variety of Company Concerned
Marriott now believes that the variety of doubtlessly concerned friends is decrease than the 500 million the corporate had initially estimated. Marriott has recognized roughly 383 million data because the higher restrict for the full variety of visitor data that had been concerned within the incident. This doesn’t, nevertheless, imply that details about 383 million distinctive friends was concerned, as in lots of situations, there look like a number of data for a similar visitor. The corporate has concluded with a good diploma of certainty that data for fewer than 383 million distinctive friends was concerned, though the corporate is just not capable of quantify that decrease quantity due to the character of the info within the database.
Passport Info Replace
Marriott now believes that roughly 5.25 million unencrypted passport numbers had been included within the data accessed by an unauthorized third celebration. The knowledge accessed additionally contains roughly 20.three million encrypted passport numbers. There is no such thing as a proof that the unauthorized third celebration accessed the grasp encryption key wanted to decrypt the encrypted passport numbers.
Marriott is putting in a mechanism to allow its designated name heart representatives to refer friends to the suitable sources to allow a glance up of particular person passport numbers to see in the event that they had been included on this set of unencrypted passport numbers. Marriott will replace its designated web site for this incident ( when it has this functionality in place. The web site lists cellphone numbers to succeed in the corporate’s devoted name heart and contains details about the method to be adopted if friends imagine that they’ve skilled fraud on account of their passport numbers being concerned on this incident.
Cost Card Info Replace
Marriott now believes that roughly 8.6 million encrypted fee playing cards had been concerned within the incident. Of that quantity, roughly 354,000 fee playing cards had been unexpired as of September 2018. There is no such thing as a proof that the unauthorized third celebration accessed both of the elements wanted to decrypt the encrypted fee card numbers.
Whereas the fee card subject within the knowledge concerned was encrypted, Marriott is endeavor extra evaluation to see if fee card knowledge was inadvertently entered into different fields and was subsequently not encrypted. Marriott believes that there could also be a small quantity (fewer than 2,000) of 15-digit and 16-digit numbers in different fields within the knowledge concerned that may be unencrypted fee card numbers. The corporate is constant to research these numbers to higher perceive if they’re fee card numbers and, if they’re fee card numbers, the method it is going to put in place to help friends. Additional updates will likely be made to the devoted web site:
Company who’ve questions associated to their fee playing cards ought to go to for extra data, together with toll-free cellphone numbers to succeed in the corporate’s devoted name heart.
Starwood Reservations Database Discontinued
The corporate has accomplished the part out of the operation of the Starwood reservations database, efficient the tip of 2018. With the completion of the reservation techniques conversion undertaken as a part of the corporate’s post-merger integration work, all reservations are actually operating by means of the Marriott system.
Visitor Help
Marriott continues to supply the next providers to assist friends monitor and shield their data:
Devoted Web site and Name CenterMarriott has established a devoted web site ( and name heart to reply questions friends could have about this incident. The regularly requested questions on have been up to date and could also be additional supplemented every now and then. The decision heart is open seven days every week and is offered in a number of languages.
Free Net MonitoringGuests from nations and areas listed on the positioning have the chance to enroll in internet monitoring providers freed from cost for one yr. Please go to and click on on Free Id Monitoring to be taught extra.
* Starwood manufacturers embody: W Inns, St. Regis, Sheraton Inns & Resorts, Westin Inns & Resorts, Ingredient Inns, Aloft Inns, The Luxurious Assortment, Tribute Portfolio, Le Méridien Inns & Resorts, 4 Factors by Sheraton and Design Inns. Starwood branded timeshare properties (Sheraton Trip Membership, Westin Trip Membership, The Luxurious Assortment Residence Membership, St. Regis Residence Membership, and Vistana) are additionally included.
Marriott Worldwide, Inc. (NASDAQ: MAR) is predicated in Bethesda, Maryland, USA, and encompasses a portfolio of greater than 6,700 properties in 30 main resort manufacturers spanning 129 nations and territories. Marriott operates and franchises accommodations and licenses trip possession resorts all around the globe. The corporate additionally operates award-winning loyalty applications: Marriott Rewards®, which incorporates The Ritz-Carlton Rewards®, and Starwood Most well-liked Visitor®. For extra data, please go to our web site at, and for the most recent firm information, go to As well as, join with us on Fb and @MarriottIntl on Twitter and Instagram.