*By Carlo Versano and Chloe Aiello* Marriott's reservation system for its Starwood hotel properties has been breached since 2014, exposing the sensitive personal data of up to 500 million guests over more than four years, the world's largest hotel chain [revealed](http://news.marriott.com/2018/11/marriott-announces-starwood-guest-reservation-database-security-incident/) Friday. New York Attorney General Barbara Underwood immediately announced an investigation into the attack. The hacked personal data included passport numbers, credit card information, dates of birth, and phone numbers. The breach amounts to the largest corporate data hack since 2013, when Yahoo!'s entire user base of three billion people was exposed. But a hotel database would likely hold more sensitive information, meaning a hack of this scale from the world's leading hotel chain could be the most significant yet. Rikesh Thapa, the CTO and co-founder of blockchain technology company Blockparty, said he assumes bad actors wasted no time in securing the information, so people who suspect their data was compromised need to be vigilant. "I would bet that it was on the black market already," Thapa told Cheddar on Friday. The breach of Equifax's database last year exposed social security numbers and credit cards of about 200,000 people in the U.S., a fraction of the number of customers who may be impacted after Marriott's disclosure. Marriott acquired Starwood in 2015 for $13 billion, folding brands like Westin, Sheraton, W, and St. Regis into the Marriott portfolio. The company said any reservation between 2014 and Sept. 10, 2018 at any Starwood properties worldwide was affected. Marriott President Arne Sorneson apologized in a statement, saying: "We are doing everything we can to support our guests, and using lessons learned to be better moving forward.” The company set up a [website](info.starwoodhotels.com) to provide more information about the breach. It also said it was working with law enforcement to identify the hackers. Marriott did not say why it took four years to identify that its systems had been penetrated. The delay suggests the company was technologically far behind, Thapa said. The hack "should never have happened if Marriott or companies like Marriott paid attention to technological advancements and made sure that their machines were up to date," Thapa said. "This hack supposedly happened in 2014 ... which means they had not upgraded their system for probably more than four years, so this person was siphoning data, or group was siphoning data, since then." As for what's next for Marriott, Thapa said he expects "they are going to get fined like crazy" for violating Europe's General Data Protection Regulation. "Whether or not they survive it, they're definitely going to be calling up a lot of security professionals trying to upgrade their security system ー I would hope so," he said. Ted Rossman, an analyst for CreditCards.com, took a rosier view than many analysts Friday. "I don't know if there's anything truly new here," he said, predicting more corporate hacks will follow. "We as consumers need to assume that our data is out there." He pointed out a new law that makes it free for consumers to freeze, and then "thaw," their credit ー a process that used to cost $30 in some states and involve rounds of phone calls. Now it can be done via the websites of the three main credit agencies. Credit freezing is the "best line of defense we have," according to Rossman. Shares of Marriott plummeted 5 percent on news of the hack.

Share:
More In Business
Starbucks’ Change Flushes Out a Debate Over Public Restroom Access
Starbucks’ decision to restrict its restrooms to paying customers has flushed out a wider problem: a patchwork of restroom use policies that varies by state and city. Starbucks announced last week a new code of conduct that says people need to make a purchase if they want to hang out or use the restroom. The coffee chain's policy change for bathroom privileges has left Americans confused and divided over who gets to go and when. The American Restroom Association, a public toilet advocacy group, was among the critics. Rules about restroom access in restaurants vary by state, city and county. The National Retail Federation says private businesses have a right to limit restroom use.
Trump Highlights Partnership Investing $500 Billion in AI
President Donald Trump is talking up a joint venture investing up to $500 billion for infrastructure tied to artificial intelligence by a new partnership formed by OpenAI, Oracle and SoftBank. The new entity, Stargate, will start building out data centers and the electricity generation needed for the further development of the fast-evolving AI in Texas, according to the White House. The initial investment is expected to be $100 billion and could reach five times that sum. While Trump has seized on similar announcements to show that his presidency is boosting the economy, there were already expectations of a massive buildout of data centers and electricity plants needed for the development of AI.
Load More