The hotel chain said the guest reservation database of its Starwood division had been compromised by an unauthorised party.
It said an internal investigation found an attacker had been able to access the Starwood network since 2014. […]
For about 327 million guests, the information included “some combination” of:
- phone number
- email address
- passport number
- account information
- date of birth
- arrival and departure informationIt said some records also included encrypted payment card information, but it could not rule out the possibility that the encryption keys had also been stolen. […]
[…] The UK’s data regulator has confirmed it is investigating, and so the threat of a whopping GDPR penalty looms.
Although the Marriott group’s headquarters are in the US, it has to comply with the EU’s GDPR rules when dealing with citizens in the EU. […]