Marriott IT boffins are furiously working to get to the bottom of the Starwood database breach.

Marriott International is currently investigating and taking corrective action on a data security incident which is understood to have potentially impacted personal details of over 500 million Starwood customers worldwide.

On 19 November, an investigation into the breach found that unauthorised access to the Starwood database did indeed take place, following an alert from an internal security system which activated in early September.

The investigation found multiple incidents of access which had occurred since 2014, with information copied and encrypted. Affected information may include names, addresses, phone numbers, email addresses and other personal data. Starwood Preferred Guest account details had also been accessed, along with specifics relating to a guest’s stay dates. Payment information had been encrypted using advanced two-part methods; however, Marriott said it could not rule out the possibility that both parts had been stolen.

Regulatory authorities and law enforcement have been notified of the breaches.

As a preliminary measure to assist customers who may be affected, Marriott International has established a dedicated call centre and a website with an FAQ page (info.starwoodhotels.com) to help concerned guests learn more about the situation.

Providing some insight into the breach, IT security firm Sophos has advised anybody who has stayed at a Starwood property in the last four years to “assume the worst” and hope for a better outcome.

“Not only are guests at risk for opportunistic phishing attacks, but targeted phishing emails are almost certain, as well as phone scams and potential financial fraud. Unlike previous breaches, this attack also included passport numbers for some individuals who are now at increased risk for identity theft,” Sophos senior security advisor John Shier said.

According to Sophos, customers should be on the lookout for suspicious-looking emails, known as phishing emails, which ask for more details or confirmation of existing details. Customers should also be vigilant about their credit card and bank accounts, and should not click on links in emails from Starwood or Marriott, as communications will look official. Customers are also advised to change the password to their Starwood Preferred Guest accounts.

Marriott International President and CEO, Arne Sorenson, said he deeply regrets the incident and that the company has fallen short of guest expectations.

“Today, Marriott is reaffirming our commitment to our guests around the world. We are working hard to ensure our guests have answers to questions about their personal information.

“We are doing everything we can to support our guests, and using lessons learned to be better moving forward. We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”