Marriott says its guest reservation system has been hacked, potentially exposing the personal information of over 500 million guests. The world’s biggest hospitality company said 500 million guests information were at risk of a massive data breach that has been going on since 2014. Marriott said hackers had gained unauthorised access since 2014, but it has only been identified last week.

In a statement Marriott said: “The company recently discovered that an unapproved party had copied and encrypted information, and took steps towards removing it”.

Marriott says 327 million guests have had their information exposed, this includes their names, phone numbers, dates of birth, phone numbers, passport numbers and arrival and, departure information. For the millions others, their credit card numbers and card expiration dates were potentially exposed and Marriott has warned customers that they can’t confirm if the hackers were able to decrypt the credit card information.

CEO Arne Sorenson said in a statement: “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

Marriott said it has already started to email the affected guests and has created an informational website for Marriott guests. They have also reported the hack to the relevant regulatory bodies and law enforcement. In the wake of this news Marriott stocks fell nearly 6% and the hospitality giant could now face hefty fines from regulatory bodies.

What is a data Breach?

A data breach occurs when sensitive and confidential information is accessed by a third party who is not authorised to do so. This data can include things such as passwords, credit card numbers, health records or addresses. The most common ways hackers gain access to a system, is by guessing a password or by installing malware. Data breaches can range in size, from a single individual accessing a file, to millions of company records being stolen. How someone is affected by a data breach depends on the information that is obtained and released. The best way to protect your data is to change your password regularly and not store sensitive information on your computer.

Marriott has taken the following steps to help guests:

Dedicated call centre: Marriott has established a dedicated call centre to answer questions you may have about this incident. The call centre will be open 7 days a week and is available in multiple languages.

Email notification: Marriott began sending emails on a rolling basis on November 30, 2018 to affected guests whose email addresses are in the database.

Free WebWatcher enrolment: Marriott is providing guests the opportunity to enrol in WebWatcher free of charge for one year. WebWatcher monitors internet sites where personal information is shared and generates an alert to the consumer if evidence of the consumers personal information is found. Due to regulatory and other reasons, WebWatcher or similar products are not available in all countries. Guests from the United States who complete the WebWatcher enrolment process will also be provided fraud consultation services and reimbursement coverage for free.