New York Attorney General Opens Probe into Marriott Data Breach


The New York Attorney General’s Office launched an investigation into Marriott International’s massive data breach.

In a tweet on Friday, Attorney General Barbara Underwood said, “We’ve opened an investigation into the Marriott data breach. New Yorkers deserve to know that their personal information will be protected.”

Underwood’s statement comes after Marriott disclosed that hackers breached its Starwood guest reservation database.

Approximately 500 millions guests affected 

The hacking incident affected around 500 million guests who made reservation at Starwood properties on or before September 10, 2018.

Hackers compromised the personal information including names, e-mail and mailing addresses, phone number, passport details, Starwood Preferred Guest (SPG) account information of approximately 327 million guests. For other guests, the hackers also gained access to their credit card information, according to the company.

Marriott learned about the data breach after receiving alert from an internal security tool in September this year. The company immediately hired leading security experts to investigate it. They found that hackers illegally accessed the Starwood network, copied and encrypted information.

On November 19, Marriott decrypted the information and determined that it was from Starwood guest reservation database. The company reported the data breach to law enforcement. It also started notifying regulators regarding the matter.

Marriott is accelerating is security improvements

In a statement, Marriott’s President and CEO Arne Sorenson, said, “We deeply regret this incident happened. We fell short of what our guests deserve and what we expect of ourselves.  We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

In addition, he stressed that the company is working hard to provide answers to guests’ questions regarding their personal information. Marriott established a dedicated website and call center to answer questions regarding the data breach.

Furthermore, Sorenson stated that the company is phasing out Starwood systems and accelerating its ongoing security improvements.

On Friday, Marriott started send e-mails to affected guests. The company is offering them an opportunity to enroll in WebWatcher, free of charge for one year.