- 31 Aug, 2020
In November 2018, Marriott International announced that hackers had stolen data about approximately 500 million Starwood hotel customers. The attackers had gained unauthorized access to the Starwood system back in 2014 and remained in the system after Marriott acquired Starwood in 2016. However, the discovery was not made until 2018.
The information that was exposed included names, contact information, passport number, Starwood Preferred Guest numbers, travel information, and other personal information. Marriott believes that financial information such as credit and debit card numbers, and expiration dates of more than 100 million customers were stolen, although the company is uncertain whether the attackers were able to decrypt the credit card numbers.
According to the New York Times, the breach was eventually attributed to a Chinese intelligence group, The Ministry of State Security, seeking to gather data on US citizens. If true, this would be the largest known breach of personal data conducted by a nation-state.