Friday’s disclosure from hotel giant Marriott International Inc. that hackers compromised information on up to 500 million guests held in its Starwood reservation system raises the question of whether fraudsters will be able to use an unknown quantity of encrypted payment card numbers because they also might have stolen the decryption keys.
Bethesda, Md.-based Marriott in a statement said it received an alert Sept. 8 from “an internal security tool” about an attempt to access Starwood’s U.S. guest database. Marriott hired security investigators and determined there may have been unauthorized access to Starwood’s network since 2014. Marriott said it hasn’t finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made reservations at Starwood properties, which include the Sheraton, Westin, and W Hotels brands.