Join +750K new investors every month who copy stock picks from billionaire's portfoliosSign Up Free

Marriott's Starwood database hacked, 500 million may be affected

Published 30/11/2018, 16:20
© Reuters. FILE PHOTO: A woman walks past the 'W London' hotel in Leicester Square in central London
VZ
-
MAR
-

By Jim Finkle and Arjun Panchadar

(Reuters) - Marriott International Inc (O:MAR) said on Friday that hackers accessed about 500 million records in its Starwood Hotels reservation system in an attack that began four years ago, exposing personal data of customers including some payment card numbers.

Shares fell 5 percent after disclosure of the hack, one of the largest in history, which prompted regulators in Britain and at least three U.S. states to announce plans to look into the attack.

The hack began in 2014, before Marriott offered to buy Starwood for $12.2 billion (9.57 billion pounds) in November 2015, acquiring brands including Sheraton, Ritz Carlton and Westin to create the world's largest hotel operator. The company closed the Starwood deal in September 2016.

Passport details, phone numbers and email addresses of some 327 million Marriott customers were exposed, according to the company. Credit card data may have been taken for other customers, it said.

"What makes this serious is the number of people involved, the intimacy of the data that was taken and the long delay between the breach and discovery," said Mark Rasch, a former U.S. federal cyber crimes prosecutor.

Customers complained to Marriott through its account on Twitter, where Starwood was among the top trending U.S. topics. Some criticized the company, using terms including "duped," "angry" and "merger disaster" to describe the incident.

Marriott said it learnt of the breach on Sept. 8 when an internal security tool sent an alert about suspicious activity.

"We fell short of what our guests deserve," Marriott Chief Executive Arne Sorenson said.

The offices of attorneys general in Connecticut, Illinois and New York said they would investigate the attack, as did the UK's Information Commissioner's Office. A representative with the U.S. Federal Trade Commission declined comment.

Marriott said it would inform affected guests about the breach starting Friday, and that it had reported it to law enforcement and regulatory authorities.

The breach appeared to be the second-largest on record after one at Yahoo in 2013 that exposed all of its 3 billion user accounts. That breach cost $47 million in litigation expenses and prompted Verizon Communications Inc (N:VZ) to cut $350 million off the price it paid when it acquired most of Yahoo.

Marriott said it was too early to estimate the financial impact of the breach and that it would not affect its long-term financial health. The hotel chain said it was working with its insurance carriers to assess coverage.

Baird Equity Research said in a note to clients that breach-related costs, including legal fees, technical expenses and increased security, could force Marriott to delay the rollout of a new customer loyalty programme planned for early 2019.

"Investor sentiment towards Marriott could remain somewhat negative in the near term until this security incident is fully resolved and its true financial impact is learnt," Baird said.

The Hyatt breach highlights the need for companies to pay close attention on cyber security when making acquisitions.

"Understanding the cybersecurity posture of an investment is critical to assessing the value of the investment and considering reputational, financial, and legal harm that could befall the company," said Jake Olcott, a vice president with cybersecurity firm BitSight.

© Reuters. FILE PHOTO: A woman walks past the 'W London' hotel in Leicester Square in central London

Starwood brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, and Westin Hotels & Resorts.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.