Marriott International today admitted that it has suffered a security breach on a massive scale, with the personal details of up to 500 million guests having been exposed due to a database breach. Worse still, unauthorized access has been happening since 2014.
As Reuters reports, the breach effects a guest reservation database for the Starwood Hotel brand. An "unauthorized party" managed to copy and then encrypt the information stored in the database from 2014 until now. Marriott was alerted to the breach on Sept. 8 by an internal security tool. Although steps have now been taken to bring unauthorized access to an end, it's too late to protect the data of hundreds of millions of guests.
Arne Sorenson, Marriott's President and Chief Executive Officer, responded to the breach by saying, "We deeply regret this incident happened. We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward."