Marriott International has revealed that it’s investigating a hack of the guest reservation database at its Starwood unit that may be one of the biggest such breaches in corporate history. The attack is troubling not just because of its sheer size, but also the level of detail potentially stolen by the attackers. The hack affects some 500 million guests—and for about 327 million of them, the data included passport numbers, emails and mailing addresses, Marriott said. Some credit card details may also have been taken.
The Marriott hack may rank only below Yahoo as one of the biggest of personal data, when 3 billion users were exposed to a 2013 security breach.
“We know there’s going to be a cost, but how big will it be, I don’t know, I don’t think Marriott knows,” says Michael Bellisario, an analyst at Robert W. Baird & Co. “Marriott’s biggest asset is the network effect of customers in the loyalty program. The big question is does it impact the Marriott brand, and the customer desire to be rewards program members? It’s still too early to tell.”