Massive data breach at Marriott’s hotels exposes private data of 500,000 guests

The Marriott hotel chain has reported a data breach affecting the personal details of up to half a million of its guests.

The US company has determined there has been unauthorised access to the database of its Starwood branch.

The discovery came as part of an investigation earlier this month, which had been looking at a cyber attack dating back to 2014, a statement on Friday said.

The company believes the breach affected “up to approximately 500 million guests who made a reservation at a Starwood property”, although some of the records could belong to people who had multiple stays.

For around 327 million of those reservations, data exposed includes some combination of name, address, phone number, email, passport number, and other personal details, as well as details of the person’s stay, the statement said.

Credit card numbers and expiration dates of some guests may have been taken.

“We fell short of what our guests deserve and what we expect of ourselves,” chief executive Arne Sorenson said in a statement.

“We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

Marriott first became suspicious of a possible hack in September. The Starwood chain of hotels includes Westin, Sheraton, Le Meridien, St Regis and W Hotels.

The authorities and regulators have been informed, Marriott said.