On Friday 30th November 2018, Marriott Hotel Group announced a data breach of its Starwood guest reservations database, exposing over 500 million customer records.

Anyone who booked and checked in/out of Starwood brand hotels from 2014 – 2018 is impacted, as are all Starwood Preferred Guest (SPG) membership card holders. The hackers had undetected access to the entire customer database for over 4 years.

The Starwood Brands Affected

W Hotels,

St. Regis,

Sheraton Hotels & Resorts,

Westin Hotels & Resorts,

Element Hotels,

Aloft Hotels,

The Luxury Collection,

Tribute Portfolio,

Le Méridien Hotels & Resorts,

Four Points by Sheraton and Design Hotels,

Starwood branded timeshare properties

Strangely enough – if you booked and stayed at a Marriott Hotel during this period (without an SPG membership) your data might not be affected.

Customer Details Exposed in the Data Breach


Mailing address,

Phone number,

Email address,

Passport number,

Starwood Preferred Guest (“SPG”) account information,

Date of birth,


Arrival and departure information,

Reservation date,

Communication preferences,

Payment card numbers,

Payment card expiration dates

Marriott has said that it will email impacted users, but this leaves a massive opportunity for scammers to capitalize on confusion surrounding the breach.


We urge anyone who has posted holiday photos or comments about holidays and vacations at Marriott brand hotels, especially anyone who checked in on Facebook, FourSquare, etc., to watch out for scams.

Marriott has set up a site containing details of the breach, but ridiculously enough this is hosted at a website not using a Marriott domain name. They clearly have not learned from the issues of the Equifax scandal earlier this year where scam websites were set up and customers redirected to malicious content by hackers and scammers.

The Marriott information site can be found here – https://answers.kroll.com

Also linked from the main Marriott site – https://www.marriott.com/default.mi

Any genuine contact from Marriott should not contain any links or embedded documents. If you receive emails or contact via Facebook, WhatsApp or SMS containing links, or encouraging you to call or follow a link, do not do so.
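
For mail administrators, the rule above can be turned into a simple triage check. The following is an added example, not code from Marriott or Kroll: it flags breach-themed messages that contain any link and labels each link by whether its host is one of the two listed above. The function names, brand keyword list and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts of the two URLs listed in the article above.
KNOWN_HOSTS = {"answers.kroll.com", "www.marriott.com"}
# Assumed keyword list for spotting breach-themed text and brand-bearing hosts.
BRAND_WORDS = ("marriott", "starwood", "kroll")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def classify_link(url):
    """Return 'listed', 'lookalike' or 'other' for one URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "other"  # malformed authority, e.g. a broken IPv6 literal
    # Exact host match only, and no userinfo in front of the host.
    if host in KNOWN_HOSTS and parts.username is None:
        return "listed"
    # Brand word in the authority (host or userinfo) without being a listed host:
    # covers a brand name used as a subdomain prefix or placed before an '@'.
    if any(word in parts.netloc.lower() for word in BRAND_WORDS):
        return "lookalike"
    return "other"

def review_message(text):
    """Per the article, a genuine notice carries no links, so any link is suspect."""
    urls = [u.rstrip(".,;:!?") for u in URL_RE.findall(text)]
    links = [(u, classify_link(u)) for u in urls]
    themed = any(word in text.lower() for word in BRAND_WORDS)
    return {"suspect": themed and bool(links), "links": links}

# Constructed sample messages (not real traffic).
SAMPLE_SCAM = ("Marriott security notice: confirm your SPG account at "
               "https://answers.kroll.com.account-check.example/verify, or "
               "https://www.marriott.com@login.example/reset")
SAMPLE_PLAIN = ("Marriott will email guests affected by the Starwood incident. "
                "No action is requested in this message.")

if __name__ == "__main__":
    for sample in (SAMPLE_SCAM, SAMPLE_PLAIN):
        print(review_message(sample))
```

A message is marked suspect even when its only link is to a listed host, because the guidance above is that genuine contact contains no links at all.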