Marriott data breach: how Revolut responded

Paul Heffernan

 · 11/30/2018  · 11/30/2018

Earlier today, Marriott announced a massive data breach which may have affected 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.

The company confirmed the breach may have affected customers who made bookings on or before September 10, 2018 and added that the unauthorised access has been dated back as far as 2014.

Marriott told us it has informed law enforcement about the incident and that they are working closely with them to support the ongoing investigation, according to a recent news article.

What we know so far 😮

On Friday, 30th of November, Marriott announced a breach in the Starwood guest authorisation database, which holds data of some 500 millions of its customers.

Marriott-owned Starwood is the largest hotel chain in the world, with more than 11 brands covering 1,200 properties worldwide.

From as early as November 19th, the company determined there had been unauthorised access to the Starwood database, which contained records of personal and payment details from guests who stayed in Starwood locations on or before the 10th of September 2018.

The ongoing investigation found that a combination customers names, addresses, passport numbers, dates of birth, as well as an unknown number of encrypted credit card details may have been stolen by hackers. The company was “not been able to rule out” the possibility that the security keys needed to access the credit card data weren’t stolen.

While these are only the initial findings of the ongoing investigation, the full impact of the incident with regards to the exact number of compromised records and data types has yet to be confirmed by the company.

How might this affect you?  🤔

If you have used your Revolut card to book, check-in or to make a payment at any of the Marriott owned Starwood branded hotels on or before September 10, 2018, your data may have been compromised.

The Starwood network includes hotels such as W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resort, Four Points by Sheraton and Design Hotels.

According to the initial investigation, it appears that only customers of Starwood branded hotels may have affected by the breach. If you have stayed at Marriott-branded hotels or other properties owned by the group, your data might not have been compromised.

Our response 💪🏻

We are still working on the numbers and we'll soon be able to determine who may have been affected in this breach. We'll then reach out to these customers individually to discuss the best course of action.

At the moment there’s no indication that your unencrypted card details have been compromised, which means you may not be at risk of fraud. If this changes or we see more fraud attempts on Revolut cards used at Marriott in the past, we will update this post and take precautions to protect you.

Subscribe for updates 📲