Marriott Data Breach Timeline: Four Years of Undetected Access
The timeline spans four years of undetected access, beginning in Starwood systems two years before Marriott acquisition.
Unlock Full Privacy Intelligence
Get deep-dive reports on every company that touches your data. SeekerPro members see breach timelines, DSAR success rate...
Learn MoreAudit Your Site Free
Run a full privacy and compliance audit on any website in 60 seconds. NexusBro scans cookie consent, tracker behavior, a...
Learn MoreAutomate Privacy Compliance
Stop wasting hours on manual DSAR filings and cookie consent management. BliniBot handles the busywork so your team can ...
Learn MoreData Types Exposed
Response Timeline
2014: Starwood systems first compromised
September 2016: Marriott completes acquisition
September 2018: Security tool flags suspicious query
November 2018: Public disclosure
2020: UK ICO fine of 18.4 million pounds
Detailed Analysis
The four-year dwell time highlights the importance of cybersecurity due diligence in mergers and acquisitions. Marriott inherited not just the hotel chain but also the compromised IT infrastructure.
The breach at Marriott exposed 500 million records through persistent unauthorized access to starwood reservation systems. 383 million unique guest records from Starwood reservations The incident highlights the ongoing challenges organizations face in protecting sensitive user data against increasingly sophisticated attack vectors. Security researchers have noted that breaches of this magnitude often result from a combination of technical vulnerabilities and organizational failures in security practices.
Current status: Fine paid; security improvements implemented. Affected users should take immediate steps to protect their accounts, including changing passwords, enabling multi-factor authentication, and monitoring financial accounts for unauthorized activity. Filing a DSAR with Marriott can help you understand what data was exposed and request its deletion.
What To Do If Affected
- Change your password immediately on this service and any accounts using the same password
- Enable two-factor authentication on all critical accounts
- Monitor your credit reports for unauthorized activity
- Consider placing a credit freeze with major bureaus
- File a complaint with your local data protection authority
Protect Your Data Across Every Platform
Tools trusted by thousands of privacy-conscious users worldwide
No card charged today. Cancel anytime.
Frequently Asked Questions
How many records were affected in the Marriott breach?
The Marriott data breach affected 500 million records. Data types exposed include: names, addresses, passport numbers, credit card data.
What should I do if I was affected by the Marriott breach?
If you were affected, change your passwords immediately, enable two-factor authentication, monitor your credit reports, and consider placing a credit freeze. You can also submit a DSAR to Marriott requesting deletion of your data.
Is there compensation for Marriott breach victims?
Fine paid; security improvements implemented Check if a class action settlement exists and whether you are eligible to file a claim.