Marriott Data Breach Compromised Passport Numbers and More

A massive Marriott data breach spanning multiple years may have jeopardized the personal information of countless hotel customers.

Marriott International recently announced that the personal information of nearly 500 million customers had been stolen. Information affected by the Marriott data breach includes names, email addresses, phone numbers, passport numbers, date of birth, and arrival information.

The breach started in the reservation system of Starwood hotels in 2014. Investigators recently traced the breach to the work of Chinese hackers, according to The New York Times.

“Marriott values our guests and understands the importance of protecting personal information. We have taken measures to investigate and address a data security incident involving the Starwood guest reservation database. The investigation has determined that there was unauthorized access to the database, which contained guest information relating to reservations at Starwood properties on or before September 10, 2018,” the hotel company said in a statement.

Although the company says it is now handling the Marriott data breach, it has been carrying on unmanaged since 2014. Some consumers are looking for ways to protect themselves and their information and may face costs associated with Marriott’s alleged inability to protect its customers.

Marriott has reportedly agreed to foot the bill for passport replacements necessary for their customers who have been the victims of fraud.

“We are setting up a process to work with our guests who believe that they have experienced fraud as a result of their passports being involved in this incident,” said Marriott spokeswoman Connie Kim in an email statement to the Washington Post. “If, through that process, we determine that fraud has taken place, then the company will reimburse guests for the costs associated with getting a new passport.”

According to Marriott, passport numbers were only compromised for a “smaller subset of customers”. However, experts and government officials worry that the compromised passport numbers could pose a risk of identity theft.

Marriott data breach victims are also being offered free membership to WebWatcher, a personal information monitoring services. Affected consumers will reportedly be emailed by the hotel company, letting them know that their personal information has been compromised.

Many government offices have opened up investigations into the Marriott data breach including offices of the New York Attorney General, Maryland Attorney General, and Pennsylvania Attorney General. Other government officials have taken this opportunity to lobby for stricter consumer protection laws to help fight against data breaches.

“Checking in to a hotel should not mean checking out of privacy and security protections,” said Massachusetts Senator Ed Markey. “Preventing massive data breaches isn’t just about protecting privacy, it’s also about protecting our pocketbooks. Breaches like this can lead to identity theft and crippling financial fraud. They are a black cloud hanging over the United States’ bright economic horizon.”

Marriott is no stranger to privacy rights litigation. The company was sued last spring over allegations that it failed to properly handle employees’ fingerprint data in accordance with Illinois law.

Hotels affected by the Marriott data breach include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton, Design Hotels, and Starwood branded timeshare properties.

UPDATE: On Feb. 21, 2020, a federal judge found that Marriott must face a multidistrict litigation filed by consumers who claim that the hotel chain should have done more to protect them from one of the biggest data breaches in history.

Join a Free Marriott Data Breach Class Action Lawsuit Investigation

If you reserved a room through Marriott’s Starwood reservation system between 2014 and Nov. 30, 2018, you may be eligible for a free Marriott data breach class action lawsuit investigation.

Learn More