02/18/2019

Photo (c) BalkansCat - Getty Images Consumers who stayed at one of Marriott’s Starwood hotels can now check to see if their information was exposed in the massive data breach revealed in November.

The hotel chain has created an online form that enables guests to see if their data was stolen. Marriott promised to reply to form submissions “as soon as reasonably practicable and consistent with applicable law.”

Last month, Marriott disclosed that five million unencrypted passport numbers were stolen in the breach of its Starwood hotel reservation system. Unknown parties gained access to the database sometime in 2014, according to the results of an investigation.

The breach affected accounts that had used Starwood’s guest reservation database between 2014 and September 10, 2018. Starwood-branded hotels include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton, and Design Hotels.

Marriott said last month that data on “fewer than 383 million unique guests” was leaked in the breach.

Records that were stolen included, “some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (‘SPG’) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.”

The online checker Marriott has created asks that users input personal information, including their name, email address, and the last six digits of their passport number.

“There is a certain irony in having to turn over your own data — not least to a third-party — to be told if you’re a victim of a breach,” TechCrunch noted, adding that guests should use the checker at their own risk.