Marriott Data Security Breach Affects Up to 500 Million Starwood Hotel Guests

Hip2Save may earn a small commission via affiliate links in this post. Read our full disclosure policy here.

Marriott Hotel data breach

Stayed at a Starwood Property recently?

Marriott International recently announced that they are taking measures to investigate and address a data security incident involving the Starwood guest reservation database that has affected millions of guests. 😱

What happened? On November 19th, 2018, they determined that there was unauthorized access to the database containing guest information relating to reservations at Starwood properties on or before September 10th, 2018.

Starwood properties include: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels.


Marriott has not finished identifying duplicate information in the database, but believes it contains information for up to approximately 500 million guests who made a reservation at a Starwood property.

Which information was accessed?
  • For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
  • For some guests, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128).
  • For the remaining guests, the information was limited to name and other occasional data such as mailing address, email address, or other information.

Person on Computer

Affected? Get free WebWatcher Service.

Marriott is providing guests with the opportunity to enroll in WebWatcher free of charge for one year. WebWatcher monitors internet sites where personal information is shared and generates an alert to the consumer if evidence of the consumer’s personal information is found. Guests from the United States who activate WebWatcher will also be provided with free fraud consultation services and reimbursement coverage.

To activate and enroll in WebWatcher, click on your country below:

Have questions or concerns? Marriott has established a dedicated website and call center to answer questions you may have about this incident. The call center is open seven days a week and is available in multiple languages.

Join The Discussion

Comments 4

  1. Patti

    Well this just sucks . . . thanks alot Marriott! Some how giving us free service so WE can catch any misuse seems not quite enough to offset the seriousness of this breach . . . . Really . . . passport #s?? Shame on them!

  2. Tori

    500 Million people? Starting when?!

    There is only 7.5 billion people in the entire world! Eliminate kinds and 3rd world countries and that doesn’t leave many – like 1 in 3 or 4 people!

    • Tori

      Kids not kinds

      Gotta love spell check

    • hip2trade

      Marriott said in a statement that it discovered “unauthorized access” to the database dating back to 2014. The hacker had copied and encrypted information and “took steps toward removing it,” as stated by Marriott.

Leave a Reply

Your email address will not be published. Required fields are marked *

It's not your Grandma's coupon site!

Sign up for a Hip2Save account (it's free) to access all of the awesome features!

Forgot Password?

Don't have an account? Register

Forgot Password

Don't have an account? Register

Already have an account? Login

Thank you for rating!

Would you also like to leave us a comment?