The national center for cybersecurity (NCSC) today reported that they received a statement from Marriott International about hacking the database of this hotel chain. The attackers gained access to information about 500 million hotel guests around the world over the past 4 years. The NCSC recommends to victims exercise caution when receiving calls and letters from unknown persons.
As it turned out, the internal security tool warned Marriott about an attempt to gain access to the Starwood guest house booking database on September 8. The company turned to the leading cybersecurity specialists who discovered unauthorized access to the Starwood network, which was carried out since 2014. It is now known that an unauthorized user has copied and encrypted the information and has taken steps to remove it.
More information about the situation has already been made public by Marriott International in an official statement to its customers: “the Information includes a combination of name, postal address, phone number, email address, passport number, Starwood Preferred Guest account information (‘SPG’), date of birth, gender, arrival and departure information, reservation dates and communication settings. For some, the information also includes payment card numbers and expiration dates, but the payment card numbers are encrypted using Advanced Encryption Standard (AES-128). Two components are required to decrypt them, and at this point Marriott could not rule out the possibility that both were taken.”
NCSC advises individuals held the registration for Starwood in the period 2014-2018 exercise caution:
– contact your Bank if you notice any unauthorized activity by you. Monitor your financial accounts for any suspicious transactions.
– use two-factor authentication on your confidential accounts, have unique passwords for all your accounts.
– be vigilant about suspicious phone calls or e-mails. Marriott International.
Marriott International has opened a dedicated call center to answer customer questions about the incident, and regularly distributes emails to affected guests whose email addresses are in the Starwood guest house booking database.
NCSC reminds you that genuine financial institutions will not ask you to respond to emails with personal or account information. If you contact them, use the phone number / email address you found yourself on their official source, not the email you received.