Posted on Wednesday, 12 December 2018

500 million customers can’t sleep easy with Marriott data breach.


The world’s largest hotel chain, Marriott Hotels, announced on Friday (November 30, 2018) that half a billion of its customers’ data had been breached dating as far back as 2014.

Marriott owns more than 5,800 properties around the world with 1.1 million rooms spread across more than 110 countries. That makes this incident a potentially global cyber security scandal.

Those at risk of security breaches are customers whose data had been stored in the guest reservation database of the chain’s Starwood division. The hacker initially gained access to this database over four years ago.

Marriott admitted on Friday that, although it has known about the breach since November 2016, it does not yet know the full scale of the attack. The chain says it will notify any customer whose data is at risk.

The hotel chain estimates 327 million customer records were accessed including a combination of their name, date of birth, gender, address, contact number, email address, passport number and account information. This means that customers are now at risk of acts such as identity theft or credit card fraud.

Even though the data was encrypted, the hotel chain acknowledged that the keys needed to decrypt this data might also have been accessed during the attack.

Called to comment

“We fell short of what our guests deserve and what we expect of ourselves,” says Arne Sorenson, president and chief executive, Marriott Hotels. “We are doing everything we can to support our guests and using lessons learnt to be better moving forward.

“Today, Marriott is reaffirming our commitment to our guests around the world. We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call centre. We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”

Public concern

This is not the first time a global business has experienced a significant data breach this year. In September, Facebook admitted it was possible that 50 million customers were left unprotected by a security flaw which had allowed hackers to gain control of selected users’ accounts.

Also in September, Uber was ordered to pay £113m as a result of attempting to conceal a serious data breach from its regulators in 2016. Uber’s security breach saw 57 million user accounts accessed including over 600,000 driving licence numbers. If this breach happened now, under new GDPR, Uber would be forced to pay in excess of £157m.  

“These recent breaches highlight how crucial a safe data culture is to businesses,” says Harj Singh, founder and CEO at Aristi. “With the recent introduction of GDPR, businesses need to be proactive to ensure that they are keeping their customers’ data safe.

If Marriott couldn’t protect its data, how can you?  Your top 3 priorities:

  1. Cyber security is more than just a series of checks – best practice guidelines need to be embedded in your company culture.
  2. GDPR and cyber security should both be treated as one integral part of your business – rather than as two ‘silos’.
  3. Regular testing of your business’ security is paramount to ensure you are following best practice guidelines with secure systems.

“Protecting customer data can be simple. Regular checks and security tests as well as ensuring compliance with GDPR will help to prevent your business from any security breaches.”

“For best practice to be sustainable, it must be embedded throughout your culture.

“Understanding an organisation’s culture – whether it’s a company, civil service department, NGO or charity – entails a deep dive.  But once you have it, you can empower the organisation to achieve its vision, profitably.

“You do that using a range of tools in the business cyber security toolkit:  including consultancy and Cyber Essentials, trusted security advisor service and penetration testing.”

If you’re concerned about your business’ cyber security or simply want to find out more about what you can do to prevent malevolent attacks, call 0121 222 5630 or email info@aristi.co.uk.

