[BreachExchange] Marriott CEO to testify before U.S. Senate panel on data breach

Destry Winant destry at riskbasedsecurity.com
Thu Mar 7 10:56:56 EST 2019


Marriott International Inc Chief Executive Arne Sorenson will testify
before a U.S. Senate panel Thursday about a hacking incident it
reported in December that exposed the records of up to 383 million
customers in its Starwood hotels reservation system and 5.25 million
passport numbers.

The Senate’s Permanent Subcommittee on Investigations is holding a
hearing “to examine the causes and scope of private sector data
breaches that expose the most sensitive information of millions of

The hearing will also include Equifax Inc Chief Executive Mark Begor,
who will discuss the company’s 2017 disclosure of the hacking of
sensitive data of about 148 million people. That massive breach
sparked calls for changes by Congress to the credit reporting
agencies’ handling of data.

Marriott disclosed on Nov. 30 that it had discovered its Starwood
hotels reservation database had been hacked over a four-year period in
one of the largest breaches in history. At least five U.S. states and
the UK’s Information Commissioner’s Office are investigating the

A company spokeswoman confirmed Sorenson would testify but declined to
comment further.

Marriott also said that it had completed an effort to phase out the
Starwood reservations database that it acquired in September 2016 with
its $13.6 billion purchase of Starwood. The hack began in 2014, a year
before Marriott offered to buy Starwood.

The company initially said records of up to 500 million guests were
involved and then revised its estimate to up to 383 million in

The hotel operator also said that some 25.55 million passport numbers
were stolen in the attack on the Starwood Hotels reservation system,
5.25 million of which were stored in plain text. Another 8.6 million
encrypted payment cards were also taken in the attack, it said.

The Senate panel will also hear from the Federal Trade Commission’s
director of the Bureau of Consumer Protection and others “to focus on
policies Congress could consider in order to help prevent future
cyberattacks and data breaches.”

The committee also plans to release a report on Equifax “detailing the
repeated failures over the years on the part of Equifax that led to
the devastating breach in 2017.”

Marriott said last week that in the fourth quarter of 2018 it had
incurred $28 million in expenses and recognized $25 million of
insurance proceeds related to the data security incident.
