When Marriott acquired Starwood hotels two years ago, the company didn't realize it was also buying a massive security breach.
The breach -- compromising information about 500 million customers -- is reportedly one of the largest in history. It is not close to the Yahoo breach of some three billion user accounts.
According to reports, however, the Marriott breach involves more than email information. It apparently includes credit card, passport, and other personal details that hackers use for identity theft.
Marriott and More
Starwood brand hotels include St. Regis, Sheraton, Westin, and others. The security hack started before the acquisition in 2016, and went undetected until now.
"We deeply regret this incident happened," Arne Sorenson, Marriott's president and chief executive officer, said in a statement. "We fell short of what our guests deserve and what we expect of ourselves."
Sorenson said the company is doing "everything" it can to support guests, and "using lessons learned to be better moving forward."
Lawyers, no doubt, are "moving forward" as well. After the Yahoo breach, they "helped" users, investors, and regulators file a variety of claims over the security fail.
Once More Into the Breach
Starwood and Marriott hotels had a clue about their issue in 2016, when they suffered a separate breach at 20 locations. Tens of thousands of customers had their credit cards compromised.
In the latest incident, Marriott apparently has not figured out the hackers' motivations. The Washington Post said it was unclear whether they were "criminals collecting data for identity theft or nation-state spies collecting information on travelers worldwide, including possibly diplomats, business people, or intelligence officials as they moved around the globe."
That could be a relief to the average Marriott customer, except that the company probably didn't have 500 million diplomats or intelligence officials as guests in the past two years. If they did stay at a Marriott, however, apparently they didn't have great security.