
Marriott's Massive Breach: 383 Million Guests Exposed

Hotel chain's four-year security lapse compromised passport numbers, addresses, and payment data across Starwood properties worldwide

Case file opened: June 6, 2025 at 10:00 AM

Case details

Quick Facts

Classification: Data breach, Identity theft, Espionage, Cybercrime, USA, United Kingdom, Denmark

Location: Washington, D.C., USA

Marriott International disclosed one of history's largest data breaches on November 30, 2018, revealing that hackers had infiltrated its Starwood guest reservation database—initially estimated to affect up to 500 million guests, later revised to approximately 383 million unique guests.

The breach's timeline is striking in its duration. Unauthorized access to the Starwood system began in 2014, meaning attackers maintained access for roughly four years before detection. Marriott, which acquired Starwood Hotels in 2016, didn't discover the suspicious activity until September 8, 2018. The breach was confirmed on November 19, 2018, and publicly announced just 11 days later.

The compromised data reveals the scope of exposure. For the 383 million affected guests, hackers obtained names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account information, dates of birth, gender, arrival and departure dates, reservation dates, and communication preferences. For an undisclosed subset of guests, attackers also accessed encrypted credit card numbers and expiration dates—protected with AES-128 encryption, though whether encryption keys were compromised remains unclear.

Cybersecurity experts highlighted the gravity of what was exposed. Dan Guido, founder of Trail of Bits, described the breach as "massive" because attackers obtained particularly sensitive data: passport numbers and detailed travel histories. Tim Johnson, cyber correspondent for McClatchy Newspapers, emphasized that such information opens victims to serious threats including spear-phishing attacks and identity theft.

The breach exposed critical security failures within Marriott's infrastructure. Investigators found that the company lacked adequate network segmentation and sufficient monitoring systems—basic controls that would have detected the intrusion far sooner. Attackers didn't just access the database; they encrypted and exfiltrated a complete copy of the guest data, ensuring they could retain information even if the company later secured the system.

Case status: Solved

Marriott's response began once the breach was confirmed. The company hired third-party forensic investigators to assess the damage and took steps to stop further data exfiltration. Starting November 30, 2018, Marriott notified affected customers of the compromise. In the United States, victims were offered a "Web Watcher" tool for monitoring suspicious activity, fraud consultation services, and reimbursement assistance—though these protections were not uniformly available across all countries.

The legal consequences have extended far beyond 2018. The breach faced expected scrutiny under the European Union's General Data Protection Regulation (GDPR) due to Marriott's delayed disclosure to affected parties and regulators. In October 2024, the U.S. Federal Trade Commission took enforcement action against Marriott, citing the company's security failures in this and related breaches.

No individual hackers have been publicly identified or prosecuted in connection with the Starwood breach. The attack remains attributed to unidentified threat actors who exploited Marriott's weak security infrastructure to gain access to one of the hospitality industry's largest guest databases.

The Marriott Starwood breach stands as a cautionary tale about the consequences of inadequate cybersecurity investment and delayed threat detection in large organizations handling sensitive traveler information.

**Sources:**

- https://www.consumerreports.org/electronics/data-theft/marriott-data-breach-a8216923749/
- https://www.huntress.com/threat-library/data-breach/marriott-data-breach
- https://abacusnext.com/blog/marriott-hack-impacts-500-million-guests-how-are-you-protecting-your-clients-data/
- https://www.browardbar.org/marriott-data-breach-what-you-need-to-know/


Susanne Sperling
