Marriott Company Breach Incident



Cybersecurity threats have become one of the biggest menaces of the 21st century thanks to advanced technology. The more companies realise the need to fully embrace technology in their operations, the more it becomes a risk for business, as cyber-criminals pose a threat to the data and information stored in company systems. Furthermore, some security incidents are initiated internally, whereby an employee unknowingly or deliberately leaks sensitive information to hackers. Therefore, an organisation requires a robust information security policy, which should be reinforced comprehensively to address cyber-security challenges. This article explores the security incident at the Marriott International hotel.

The Marriott incident was discovered in late 2018 and had been going on since 2014, resulting in the loss of data of about 500 million guests. Notably, the confidential data of those 500 million guests was exposed in a significant breach. The company, which is one of the most prominent hotel chains, acknowledged that customer data was breached in the Starwood room network. The attack is of great concern not only because of the large quantity of data but also because of the type of information stolen by the hackers.

Of the 500 million people affected, the records of 327 million include sensitive data such as emails, passport numbers, mailing addresses, gender and date of birth. Marriott, a US-based hotel company, has 6500 hotels in 127 countries around the world; therefore it is possible and plausible that credit card details were exposed as well. Since the Starwood room reservation system was affected, all its properties were also affected, namely Le Meridien Piccadilly, Westbury Mayfair and Park Lane Sheraton Grand. Following the breach, the company reported the matter to the UK's Information Commissioner's Office (ICO). Consequently, the authorities warned affected customers to stay vigilant as they continued with investigations. Another strange aspect of this particular breach is that the hackers stole both the encrypted data and the means of decrypting it. Thus the event points to a major cybersecurity lapse and raises the question of whether encrypted data should be stored together with the means of decryption.

The breach raises many questions, such as whether the company knew about the incident since it started in 2014 and whether it complied with regulations like the EU General Data Protection Regulation, which imposes a penalty of 4 per cent of annual turnover. It was discovered in September 2014 that an unauthorised party had infiltrated the system and copied and encrypted data. Experts then started to decrypt the breached information. Customers complained, taking to social media, mainly Twitter, to show their anger at learning of the breach through news reports instead of being notified through company email. Customers blamed the company's management for not using the proper procedure to inform the affected individuals. They also questioned the organisation's capacity to handle client data in a safe manner. However, the company CEO apologised for the way the company managed the whole scenario and for the big loss customers incurred. He also promised to use the incident as a lesson for the company to create robust cyber-security measures and policies to avoid future incidents. In conclusion, the Marriott International hotel incident is a wake-up call for the majority of companies to review their information security to ensure it is not obsolete in the era of high-tech cyber-criminals.






