The personal records of around 500 million guests of hotel group Marriott International have been stolen following a major data breach.
The hotel chain opened an investigation into the recent data breach that occurred on 10 September this year. Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014.
‘We deeply regret this incident happened,’ Marriott International President and CEO Arne Sorenson said. ‘We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.’
‘We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call centre,’ Sorenson said. ‘We will also continue to support the efforts of law enforcement and to work with leading security experts to improve.’
‘Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network,’ he added.
Customers payment information may have also been stolen, according to statement by Marriott.
News of the data breach precipitated the hotel chain’s share price to fall by around 7% to $121.84 in pre-market trading on Friday.
Wave of major data breaches hit big corporates
Marriott International is the latest in a growing number of major data breaches that have occurred at large US-based corporations.
Last week, online retail giant Amazon was hit by a major data breach that led to customers names and email addresses becoming visible on its site just days before it began its Black Friday sale.
It is unclear how many accounts were impacted by the breach, with the online retailer not willing to provide any breakdown as to the how widespread the issue was.
The company claims that the leak was not the result of a hack of its website or IT systems, but rather a mishap that unintentionally led to customers personal information being visible on its site.
On Tuesday, Uber landed in hot water with British and Dutch data protection regulators over a massive data breach that saw customers and drivers’ personal information leaked only months after US state authorities fined the company a record $148 million for the same infraction.
The UK’s Information Commissioner’s Office (ICO) announced that it is finding Uber £385,000 for ‘failing to protect customers’ personal information during a cyber-attack’.
At the same time, Uber came under fire from Dutch data protection authorities who have issued a fine of €600,000 (£532,000) for not reporting its information breach to the regulator within 72 hours after the leak was discovered.
To make matters worse, Uber first realised that it had been hacked back in December 2016 but rather than notifying customers, drivers and regulators about the breach, it opted to pay the hackers $100,000 to cover up the leak.