MARRIOTT International has revealed the private information of up to 500 million customers may be at risk after a shock hack.
Some payment card information has been accessed by hackers, the hotel chain warned earlier today. Shares of the company were down 4 percent at $117 in premarket trading. The hack began in 2014, before Marriott offered to buy Starwood for $12.2 billion in November 2015, acquiring brands including Sheraton, Ritz Carlton and the Autograph Collection to create the world’s largest hotel operator. The company closed the Starwood deal in September 2016.
Marriott said for 327 million guests, compromised data could include passport details, phone numbers and email addresses. For some others, it could include credit card information.
Marriott said it first found out about the breach after an internal security tool sent an alert on Sept. 8.
“We’ve opened an investigation into the Marriott data breach. Additionally, under New York law, Marriott was required to provide notification to our office upon discovering the breach; they have not done so as of yet,” said Amy Spitalnick, Communications Director and Senior Policy Advisor, Office of the New York Attorney General.
Marriott said it would inform affected guests about the breach, starting Friday, and that it had reported it to law enforcement and regulatory authorities.
Several companies have suffered data hacks in recent years. The breach could cost Marriott hundreds of millions of dollars in legal costs.