Marriott, Starwood hit by security incident

The Marriott Group have released a statement regarding a significant data security incident involving their Starwood Guest Reservation database.

An investigation undertaken by Marriott in September 2018 determined that there had been unauthorised access to the database, which contained guest information relating to reservations at Starwood properties since 2014.

‘The guest information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128).’

Affected hotel brands include: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. Timeshare properties are also impacted.

At this time it is unknown how many Australian accounts have been affected and the ACSC continues to monitor the situation closely.

The ACSC suggests Australians who hold a Starwood Hotels and Resorts account should consider monitoring financial accounts for suspicious transactions, especially during the period the data breach took place.

Contact your bank immediately if you suspect any fraudulent activity.

Further information on the breach is available from the Marriot Statement.

Marriott has not approached the ACSC for assistance.