Marriott International has reported a data security breach of its Starwood network, which the company says exposed information of approximately 500 million guests.
The breach, which was discovered Sept. 8, affects reservations at Starwood properties on or before Sept. 10. The Starwood portfolio includes the W Hotels, St. Regis, Sheraton, Westin, Element, Aloft, The Luxury Collection, Tribute Portfolio, Le Meridien, Four Points by Sheraton and Design Hotels brands. Starwood-branded timeshare properties were also affected.
For approximately 327 million Starwood guests, the information stolen includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences. For the remaining guests, the information was limited to name, as well as mailing address, email address or other data.
An undisclosed number of guests had their payment card numbers and payment card expiration dates exposed.
Further investigation also showed that there had been unauthorized access to the Starwood network since 2014.
"We deeply regret this incident happened," said Marriott president and CEO Arne Sorenson in a statement. "We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network."
Marriott has established a dedicated website and call center to field questions from guests relating to the breach and has begun notifying affected guests via email.
Additionally, Marriott is providing guests with one year of free enrollment in WebWatcher, which monitors internet sites and alerts consumers if their personal information is being shared. In the U.S., guests enrolled in WebWatcher will also receive complimentary fraud consultation services and reimbursement coverage.