The assault started as far back as 2014, and was one of the largest known thefts of personal records, second only to a 2013 breach of Yahoo that affected three billion user accounts and larger than a 2017 episode involving the credit bureau Equifax.
The intrusion was a reminder that after years of headline-grabbing attacks, the computer networks of big companies are still vulnerable.
The Starwood attack happened roughly the same time as a number of other breaches at American health insurers and government agencies, including the United States Office of Personnel Management, in what security research firms and government officials described as an effort to compile a vast database of personal information on potential espionage targets.
The names, addresses, phone numbers, birth dates, email addresses and encrypted credit card details of hotel customers were stolen. The travel histories and passport numbers of a smaller group of guests were also taken.
What to do on how to protect yourself:
- Change your password immediately if you have signed up with Marriott International
- Do not reuse the same passwords
- Do not keep passwords written down on paper or in an excel document
Ensure you destroy sensitive documents that contain identifiable information.
See sources: nytimes.com