Marriott Hotel could not rule out possibility of encryption keys being stolen

Marriott Hotels is investigating a data breach including encrypted payment card data but can not rule out possibility that encryption keys had also been stolen

Marriott has set up a separate website to help the 327 million customers who may be affected by the incident.

The access attempt was discovered when Marriott received an alert from an internal security tool regarding unauthorised access to its Starwood guest reservation database. On further investigation they discovered

“…that there had been unauthorized access to the Starwood network since 2014. Marriott recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it”

The information includes a combination of names, addresses, phone numbers, email address, passport numbers and dates of birth.

“…the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted… There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken”

Marriott deeply regrets this incident happened and are conducting a thorough investigation with the assistance of leading security experts.

 Securious is a cyber security compliance company based in Devon serving businesses and organisations across the South West and beyond. We offer rapid Cyber Essentials certification, ISO 27001 Compliance and PCI DSS Compliance as well as PEN testing (penetration testing) and cyber security consultancy.