Marriott/Starwood 2018 Data Breach
| Company | Marriott International |
|---|---|
| Breach Date | January 1, 2014 |
| Disclosure Date | November 30, 2018 |
| Records Affected | 500 million |
The Marriott breach, discovered in 2018, had actually been ongoing since 2014 in the Starwood reservation system. It exposed data on up to 500 million guests.
What Happened
Hackers compromised the Starwood Hotels reservation database in 2014, two years before Marriott acquired Starwood. The intrusion went undetected for four years.
When Marriott discovered the breach in September 2018, they found attackers had copied and encrypted data and were attempting to remove it. Investigators attributed the attack to Chinese state-sponsored hackers.
What Data Was Exposed
- Passport numbers - 5.25 million unencrypted
- Payment card numbers - 8.6 million encrypted
- Names and addresses
- Phone numbers
- Email addresses
- Dates of birth
- Gender
- Arrival/departure dates
- Reservation dates
- Communication preferences
Who Is Affected
Up to 500 million guests who made reservations at Starwood properties (Sheraton, Westin, W Hotels, St. Regis, etc.) before September 2018.
How to Check If You Were Affected
Marriott set up a dedicated website and call center for affected guests to check their exposure.What You Should Do Now
- Check if passport was exposed - May need replacement
- Monitor credit card statements
- Change Marriott Bonvoy password
- Enable two-factor authentication
- Be alert for targeted phishing
- Sign up for Marriott's free monitoring
Last updated: January 13, 2026