Marriott said today that up to 500 million users have had their information leaked as part of a data breach affecting it's Starwood loyalty scheme and guest reservation database.
They discovered an issue on the 19th November 2018, that an unauthorised party had gained access to the database from as early as 2014.
In a statement Marriott said, "The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property,"
Data included "some combination" of name, mailing address, phone number, email address, passport number, account information, date of birth, gender, and arrival and departure information. They also said some records also included encrypted payment card information, but it could not rule out the possibility that the encryption keys had also been stolen.
North IT always recommends that websites with personal data and card data should be regularly pen tested, see our web app penetration testing services for further information.