Posted on Wednesday, 12 December 2018

500 million customers can’t sleep easy with Marriott data breach.

The world’s largest hotel chain, Marriott Hotels, announced on Friday (November 30, 2018) that half a billion of its customers’ data had been breached dating as far back as 2014.

Marriott owns more than 5,800 properties around the world with 1.1 million rooms spread across more than 110 countries. That makes this incident a potentially global cyber security scandal.

Those at risk of security breaches are customers whose data had been stored in the guest reservation database of the chain’s Starwood division. The hacker initially gained access to this database over four years ago.

Marriott admitted on Friday that, although it has known about the breach since November 2016, it does not yet know the full scale of the attack. The chain says it will notify any customer whose data is at risk.

The hotel chain estimates 327 million customer records were accessed including a combination of their name, date of birth, gender, address, contact number, email address, passport number and account information. This means that customers are now at risk of acts such as identity theft or credit card fraud.

Even though the data was encrypted, the hotel chain acknowledged that the keys needed to decrypt this data might also have been accessed during the attack.

Called to comment

“We fell short of what our guests deserve and what we expect of ourselves,” says Arne Sorenson, president and chief executive, Marriott Hotels. “We are doing everything we can to support our guests and using lessons learnt to be better moving forward.

“Today, Marriott is reaffirming our commitment to our guests around the world. We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call centre. We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”

Public concern

This is not the first time a global business has experienced a significant data breach this year. In September, Facebook admitted it was possible that 50 million customers were left unprotected by a security flaw which had allowed hackers to gain control of selected users’ accounts.

Also in September, Uber was ordered to pay £113m as a result of attempting to conceal a serious data breach from its regulators in 2016. Uber’s security breach saw 57 million user accounts accessed, including over 600,000 driving licence numbers. If this breach happened now, under the new GDPR, Uber would be forced to pay in excess of £157m.

“These recent breaches highlight how crucial a safe data culture is to businesses,” says Harj Singh, founder and CEO at Aristi. “With the recent introduction of GDPR, businesses need to be proactive to ensure that they are keeping their customers’ data safe.

If Marriott couldn’t protect its data, how can you? Your top 3 priorities:

  1. Cyber security is more than just a series of checks – best practice guidelines need to be embedded in your company culture.
  2. GDPR and cyber security should both be treated as one integral part of your business – rather than as two ‘silos’.
  3. Regular testing of your business’ security is paramount to ensure you are following best practice guidelines with secure systems.

“Protecting customer data can be simple. Regular checks and security tests as well as ensuring compliance with GDPR will help to prevent your business from any security breaches.”

“For best practice to be sustainable, it must be embedded throughout your culture.

“Understanding an organisation’s culture – whether it’s a company, civil service department, NGO or charity – entails a deep dive. But once you have it, you can empower the organisation to achieve its vision, profitably.

“You do that using a range of tools in the business cyber security toolkit: including consultancy and Cyber Essentials, trusted security advisor service and penetration testing.”

If you’re concerned about your business’ cyber security or simply want to find out more about what you can do to prevent malevolent attacks, call 0121 222 5630 or email info@aristi.co.uk.

