*By Carlo Versano and Chloe Aiello* Marriott's reservation system for its Starwood hotel properties has been breached since 2014, exposing the sensitive personal data of up to 500 million guests over more than four years, the world's largest hotel chain [revealed](http://news.marriott.com/2018/11/marriott-announces-starwood-guest-reservation-database-security-incident/) Friday. New York Attorney General Barbara Underwood immediately announced an investigation into the attack. The hacked personal data included passport numbers, credit card information, dates of birth, and phone numbers. The breach amounts to the largest corporate data hack since 2013, when Yahoo!'s entire user base of three billion people was exposed. But a hotel database would likely hold more sensitive information, meaning a hack of this scale from the world's leading hotel chain could be the most significant yet. Rikesh Thapa, the CTO and co-founder of blockchain technology company Blockparty, said he assumes bad actors wasted no time in securing the information, so people who suspect their data was compromised need to be vigilant. "I would bet that it was on the black market already," Thapa told Cheddar on Friday. The breach of Equifax's database last year exposed social security numbers and credit cards of about 200,000 people in the U.S., a fraction of the number of customers who may be impacted after Marriott's disclosure. Marriott acquired Starwood in 2015 for $13 billion, folding brands like Westin, Sheraton, W, and St. Regis into the Marriott portfolio. The company said any reservation between 2014 and Sept. 10, 2018 at any Starwood properties worldwide was affected. Marriott President Arne Sorneson apologized in a statement, saying: "We are doing everything we can to support our guests, and using lessons learned to be better moving forward.” The company set up a [website](info.starwoodhotels.com) to provide more information about the breach. It also said it was working with law enforcement to identify the hackers. Marriott did not say why it took four years to identify that its systems had been penetrated. The delay suggests the company was technologically far behind, Thapa said. The hack "should never have happened if Marriott or companies like Marriott paid attention to technological advancements and made sure that their machines were up to date," Thapa said. "This hack supposedly happened in 2014 ... which means they had not upgraded their system for probably more than four years, so this person was siphoning data, or group was siphoning data, since then." As for what's next for Marriott, Thapa said he expects "they are going to get fined like crazy" for violating Europe's General Data Protection Regulation. "Whether or not they survive it, they're definitely going to be calling up a lot of security professionals trying to upgrade their security system ー I would hope so," he said. Ted Rossman, an analyst for CreditCards.com, took a rosier view than many analysts Friday. "I don't know if there's anything truly new here," he said, predicting more corporate hacks will follow. "We as consumers need to assume that our data is out there." He pointed out a new law that makes it free for consumers to freeze, and then "thaw," their credit ー a process that used to cost $30 in some states and involve rounds of phone calls. Now it can be done via the websites of the three main credit agencies. Credit freezing is the "best line of defense we have," according to Rossman. Shares of Marriott plummeted 5 percent on news of the hack.

Share:
More In Business
Spain fines Airbnb $75 million for unlicensed tourist rentals
Spain's government has fined Airbnb 64 million euros or $75 million for advertising unlicensed tourist rentals. The consumer rights ministry announced the fine on Monday. The ministry stated that many listings lacked proper license numbers or included incorrect information. The move is part of Spain's ongoing efforts to regulate short-term rental companies amid a housing affordability crisis especially in popular urban areas. The ministry ordered Airbnb in May to remove around 65,000 listings for similar violations. The government's consumer rights minister emphasized the impact on families struggling with housing. Airbnb said it plans to challenge the fine in court.
Roomba maker iRobot files for bankruptcy protection; will be taken private under restructuring
Roomba maker iRobot has filed for Chapter 11 bankruptcy protection, but says that it doesn’t expect any disruptions to devices as the more than 30-year-old company is taken private under a restructuring process. iRobot said that it is being acquired by Picea through a court-supervised process. Picea is the company's primary contract manufacturer. The Bedford, Massachusetts-based anticipates completing the prepackaged chapter 11 process by February.
Serbia organized crime prosecutors charge minister, others in connection with Kushner-linked project
Serbia’s prosecutor for organized crime has charged a government minister and three others with abuse of position and falsifying of documents related to a luxury real estate project linked to U.S. President Donald Trump’s son-in-law Jared Kushner. The charges came on Monday. The investigation centers on a controversy over a a bombed-out military complex in central Belgrade that was a protected cultural heritage zone but that is facing redevelopment as a luxury compound by a company linked to Kushner. The $500 million proposal to build a high-rise hotel, offices and shops at the site has met fierce opposition from experts at home and abroad. Selakovic and others allegedly illegally lifted the protection status for the site by falsifying documentation.
Load More