In what is the biggest ever hack of a hotel reservation system to date, hackers had managed to breach Starwood hotels’ reservation system and managed to steal personal information, including passport and credit card numbers of 383 million customers.
Arne Sorenson, Marriott International Inc’s CEO is slated to testify before a U.S. Senate panel on Thursday.
Sorenson’s testimony is in reference to the hacking incident that Marriott reported in December 2018 that exposed the records of up to 383 million customers in its Starwood hotels reservation system; the data breach also exposed the passport numbers of 5.25 million Marriott customers.
The U.S. Senate’s Permanent Subcommittee on Investigations is holding a hearing “to examine the causes and scope of private sector data breaches that expose the most sensitive information of millions of Americans.”
The hearing will also include Mark Begor, Equifax Inc’s CEO, who will discuss the company’s 2017 disclosure of the hacking of sensitive data of about 148 million people; this incident had sparked calls for changes by Congress to the credit reporting agencies’ handling of data.
On November 30, Marriott had disclosed that it had uncovered a hacking incident revolving around its Starwood hotels reservation database over a four-year period. It was the largest breach in history.
At least five U.S. states and the UK’s Information Commissioner’s Office are investigating the attack.
At that time Marriott had said, it had completed an effort to phase out the Starwood reservations database that it acquired in September 2016 with its $13.6 billion purchase of Starwood.
The hacking incident had commenced in 2014, a year before Marriott acquisition of Starwood.
Initially, Marriott had stated, records of up to 500 million guests were involved in the hack; it then revised that estimate to up to 383 million in January 2019.
Marriott had also reported that nearly 25.55 million passport numbers were stolen in the hacking attack, of which 5.25 million were stored in plain text. Another 8.6 million encrypted payment cards were also taken in the attack.
The Senate panel will also hear from the Federal Trade Commission’s director of the Bureau of Consumer Protection and others “to focus on policies Congress could consider in order to help prevent future cyberattacks and data breaches.”
The committee also plans to release a report on Equifax “detailing the repeated failures over the years on the part of Equifax that led to the devastating breach in 2017.”
last week, Marriott had said it had incurred $28 million in expenses and recognised $25 million of insurance proceeds related to the hacking incidents in its fourth quarter of 2018.