Marriott Is Telling Guests What Data Was Stolen in the 2018 Breach

Mar 13, 2019

This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. Terms apply to the offers listed on this page. For an explanation of our Advertising Policy, visit this page.

Just a few months after Marriott unveiled to the world that much of its guest data had been compromised in one of the worlds largest-ever data breaches, guests are now learning what specific information was taken by hackers. Marriott has said that the information of up to 383 million userswas stolen from the Starwood databases in a breach that lasted from 2014 through late 2018.

Personal information like birth dates, addresses, loyalty program numbers and travel details were lifted from Starwood’s system, but most notably up to 19 million passport numbers were stolen — information that’s incredibly sensitive, and could lead to identity theft.

In mid-February, Marriott released a form that allowed guests to request what parts of their personal information may have been exposed in the breach. On Wednesday, the hotel chain has started sending out the results of the inquiries. TPG Executive Editorial Director Scott Mayerowitz and Senior Writer JT Genter both received a response revealing what Marriott says was stolen. Here’s the letter sent to Genter:

Dear John Genter,

We are in receipt of your inquiry regarding whether your personal data was involved in the recent Starwood Guest Reservation Database security incident. Based on the information you provided to us, we believe that your information was involved. Following our analysis, we believe that the following information about you was involved in the incident:

* Name
* Birthdate
* Birthday (Month and Day Only)
* Address Information
* Primary Email Address
* Primary Phone Number
* Other Phone Information
* Starwood Preferred Guest (SPG) Number
* Starwood Preferred Guest (SPG) Loyalty Status and Balances
* Guest Frequent Traveler Program Information
* Starwood Executive Traveler Number
* Guest Opt-In Preferences
* Email Communication Preferences
* Reservation Details
* Central Starwood Unique Record Locator
* Employed at Starwood (Y/N)
* Record History Information

Where available in your country/region, Marriott is offering affected guests the opportunity to enroll in a personal information monitoring service free of charge for one year. More information about this service can be found at info.starwoodhotels.com. If you have further questions or requests regarding this information, please contact us through this portal. You will continue to have access to this request for the next 30 days.

Thank you.
Marriott Privacy Center

Results reveal that both Genter and Mayerowitz had large amounts of information taken. Marriott still does not know who was responsible for the attack.

In testimony to the US Senate last week, Marriott CEO Arne Sorenson said that Marriott believes 19 million passport numbers were stolen, and thinks about five million of those passport numbers were unencrypted, making them highly vulnerable to being compromised. Marriott has said it will pay for new passports of travelers who were affected by the data breach. Nine million encrypted credit card numbers were stolen, but only a small percentage of those were unencrypted.

Sorenson added that Marriott is using a third-party service to track the stolen data and so far it believes none of the stolen information has appeared on the internet or dark web. If you were affected by the hack, see TPG‘s guide on what to do to protect yourself, including using Marriott’s third-party tool to track if your information appears anywhere. It’s worth noting that Sorenson has said that data of guests’ traveling companions were likely compromised too.

Featured image by Shutterstock.com

Bank of America® Premium Rewards® Visa® credit card

This card from Bank of America gets really interesting if you have a BofA checking, savings or investment account. Depending on the value of your combined accounts you can potentially get as much as 3.5x points on travel/dining and 2.625x points on other purchases making it the richest consumer banking bonus out there.

Apply Now
More Things to Know
  • Receive 50,000 bonus points – a $500 value – after you make at least $3,000 in purchases in the first 90 days of account opening
  • Earn unlimited 2 points for every $1 spent on travel and dining purchases and unlimited 1.5 points per $1 spent on all other purchases
  • If you're a Bank of America Preferred Rewards member, you can earn 25%-75% more points on every purchase
  • No limit to the points you can earn and your points don't expire
  • Redeem for cash back as a statement credit, deposit into eligible Bank of America® accounts, credit to eligible Merrill accounts, or gift cards or purchases at the Bank of America Travel Center
  • Get up to $200 in combined airline incidental and airport expedited screening statement credits + valuable travel insurance protections
  • No Foreign Transaction Fees
  • Low $95 annual fee
Intro APR on Purchases
N/A
Regular APR
17.74% - 24.74% Variable APR on purchases and balance transfers
Annual Fee
$95
Balance Transfer Fee
Either $10 or 3% of the amount of each transaction, whichever is greater.
Recommended Credit
Excellent/Good

Editorial Disclaimer: Opinions expressed here are the author’s alone, not those of any bank, credit card issuer, airlines or hotel chain, and have not been reviewed, approved or otherwise endorsed by any of these entities.

Disclaimer: The responses below are not provided or commissioned by the bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser’s responsibility to ensure all posts and/or questions are answered.