Marriott Hotel has announced that 500 million guests have been affected by a security breach.
The data breach took place on the Starwood guest reservation database and risks the names, addresses, email addresses, passport numbers, dates of birth and in some cases card details of half a billion customers.
The group have said the payment information was encrypted using Advanced Encryption Standard encryption.
Cybersecurity expert Joseph Carson, who is the chief security scientist at Thycotic, said: “what is shocking about this data breach is that the cybercriminals potentially got away with both the encrypted data as well as the methods to decrypt the data.”
The breach was discovered on 8 September when Marriott received an alert from an internal security tool that warned of an attempt to access the Starwood guest reservation database in the US.
Arne Sorenson, Marriott president and chief executive, said: “We deeply regret this incident happened.”
“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
“Today, Marriott is reaffirming our commitment to our guests around the world. We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call centre. We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network,” he added.
The hotel chain, which operates hotels under names including Westin Hotels and Resorts, W Hotels, The Luxury Collection and Tribute Portfolio, has set up a website and call centre to support guests with any questions.
Shares in the group (NASDAQ: MAR) are down by 5.01% in pre-market trading (1507GMT).