Marriott International CEO Arne Sorenson has apologised before a US Senate panel for a vast data breach affecting up to 383 million Starwood hotels guests and has vowed to protect against future security attacks.

CEO apologises as Senate probes massive data hack

Marriott International CEO Arne Sorenson has apologised before a US Senate panel for a vast data breach affecting up to 383 million Starwood hotels guests and has vowed to protect against future security attacks.

Sorenson told the Senate Permanent Subcommittee on Investigations there was evidence of an unauthorised party on the Starwood network since July 2014 but the company’s investigators had “found no evidence the attacker had accessed guest data” until late last year.

Marriott bought Starwood for $13.6 billion in September 2016.

Senator Tom Carper said the incident “raises questions about the degree to which cyber-security concerns do and should play a role in merger and acquisition decisions”.

Carper said Marriott acquired a company with “serious cyber-security challenges and had actually been attacked before” but chose to initially leave Starwood’s security system in place after acquiring it.

The breach prompted Marriott to speed up its retirement of the Starwood system, completing the process last December.

Tennant Co ANAU Mid Article 300×250
Sorenson said the company first became aware of a security issue in September 2018, notified the FBI in October and disclosed the issue publicly on November 30.

The four-year breach is one of the largest ever seen, and while the location of the attackers is yet to be publicly disclosed, Reuters reported in December that sources believed clues left by the hackers suggesting they were working for a Chinese government intelligence gathering operation.

Committee chairperson Rob Portman noted that Starwood said it had discovered malware in November 2015 on some systems designed to steal credit card information, but the group said at the time it did not impact its guest reservation database.

Sorenson said since October Marriott has provided the FBI with “several updates and ready access to forensic findings and information to support their investigation”.

He said the company has not received any substantiated claims of loss from fraud attributable to the incident.

Marriott initially believed the records of up to 500 million guests were affected but has since revised down that figure to around 383 million.

Some five US states and the UK Information Commissioner’s Office are investigating the attack.

About Kate Jackson

Kate Jackson
Kate Jackson is the editor of Accomnews. You can reach her at any time with questions or submissions: [email protected]

Check Also

Hotels, hostels and caravan parks paid to take Tassie homeless

Accom operators will be offered financial incentives to take in homeless guests for months at a time under a Tasmanian government plan to address a critical shortage of housing this winter.

Dearth of berths: The lack of infrastructure threatening our $5b industry

Growth in Australia’s multi-billion-dollar cruise industry will stagnate without better berthing facilities, a leading industry body has warned.

Airbnb backs Aussie country pubs with $250,000

The company responsible for half a billion guest check-ins globally is looking to revive bookings for five Aussie pubs at the heart of regional Australian communities. 

Leave a Reply

Your email address will not be published. Required fields are marked *