The incident affects customers who made reservations at Starwood hotels on or before 10 September 2018.
The Starwood hotel brands include: Aloft Hotels, Design Hotels, Element Hotels, Four Points by Sheraton, Le Méridien Hotels & Resorts, Sheraton Hotels & Resorts, St. Regis, The Luxury Collection, Tribute Portfolio, W Hotels and Westin Hotels & Resorts. Starwood-branded timeshare properties are also included. The hack does not affect those who booked with a Marriott-branded hotel.
About 327 million of the affected customers are thought to have had details compromised including names, addresses, phone numbers, dates of birth, as well Starwood customer details such as departure and arrival information and reservation dates.
Some may also have had payment details such as card numbers and expiration dates accessed – while these are protected by encryption, Marriott is unable to rule out the possibility that the information needed to decrypt them may have also been taken.
The remaining affected customers have had their names accessed, and in some cases other information including email and home addresses.
We’ve asked Marriott how many UK customers have been affected and will update this story when we know more.
Marriott says it discovered the breach on 8 September this year, but found there had been unauthorised access to its Starwood network since 2014.
On 19 November, Marriott decrypted the information that had been copied during the breach and found it was from the Starwood guest reservation database.
It says it has reported the incident to the relevant authorities.