Marriott International Inc Chief Executive Arne Sorenson apologized on Thursday before a U.S. Senate panel for a massive data breach involving up to 383 million guests in its Starwood hotels reservation system and vowed to protect against future attacks.
Sorenson told the Senate Permanent Subcommittee on Investigations that the hacking prompted the company to accelerate the retirement of the Starwood system that was completed in December. He said the company first became aware of a security issue in September 2018 and then notified the FBI in October before disclosing the issue on Nov. 30.
Committee Chairman Rob Portman noted that Starwood said it had discovered malware in November 2015 on some systems designed to steal credit card information but Starwood said at the time it “did not impact its guest reservation database.”
Sorenson said there was evidence of an unauthorized party on the Starwood network since July 2014 but “our investigators had found no evidence that the attacker had accessed guest data” through mid-November 2018.
Sorenson said since October Marriott has provided the FBI with “several updates and ready access to forensic findings and information to support their investigation.”
Sorenson said the company has not received any substantiated claims of loss from fraud attributable to the incident.