The target: The reservation database for Marriott hotel chain’s recently acquired Starwood subsidiary was compromised from 2014 until September of 2018.
The take: 170 million customers had only names, addresses & e-mail addresses stolen, while 327 million more lost some combination of name, home address, e-mail, date of birth, gender, and passport numbers. Marriott have confirmed that over 5 million unencrypted passport numbers were accessed by attackers.
The attack vector: It is suspected that the merging of information systems after the Starwood acquisition created the vulnerabilities that were exploited by suspected state actors. Marriott hotels are often the preferred hotel of US government and military officials.