Maximise your Avios, air miles and hotel points

Marriott reveals that 500 million Starwood Preferred Guest hotel accounts were hacked

Links on Head for Points may support the site by paying a commission.  See here for all partner links.

Marriott revealed this morning that it has identified a major breach of security at Starwood Preferred Guest, which Marriott inherited with its 2016 acquisition of Starwood Hotels & Resorts.

Astonishingly, the breach has been in place since 2014.  This means 500 million guest records are involved.

This is not a notional breach.  A Marriott investigation has shown that “an unauthorized party had copied and encrypted information”.

For over 300 million of the impacted guests, the data stolen involves:

  • name
  • mailing address
  • telephone number
  • email address
  • passport number
  • SPG account number
  • date of birth
  • arrival and departure stay information

Some guest have also had payment card numbers and expiration dates stolen, although this data was encrypted.  The bad news is that Marriott is refusing to rule out that the hacker had also stolen details of the two steps required to decrypt this information.

For the other 100 million+ guests, only their name and mailing or email address was stolen.

Marriott will begin sending emails today to affected guests whose email addresses are in the Starwood guest reservation database.

You can see the full Marriott statement on their website here.

On a more thoughtful note …. perhaps it is time to reconsider the whole ‘making your travel experience easier’ routine?  Whilst there are cost savings to be made as part of this, the airlines and hotels have been keen to collect unnecessary personal information now for many years primarily to smooth your journey.

No longer does a hotel check-in clerk need to manually copy out all your passport information, take your home address details and ask for a credit card deposit (at least for elite members).  It is all centrally stored in the system for when you arrive.  Except, when that system is not secure, your personal details are at risk. 

Given that it now virtually impossible to secure large corporate networks, companies should – at the very least – remove passport and credit card information from the data we are asked to store with them.


How to earn Marriott Bonvoy points and status from UK credit cards

How to earn Marriott Bonvoy points and status from UK credit cards (January 2025)

There are various ways of earning Marriott Bonvoy points from UK credit cards.  Many cards also have generous sign-up bonuses.

The official Marriott Bonvoy American Express card comes with 20,000 points for signing up, 2 points for every £1 you spend and 15 elite night credits per year.

You can apply here.

Marriott Bonvoy American Express

20,000 points for signing up and 15 elite night credits each year Read our full review

You can also earn Marriott Bonvoy points by converting American Express Membership Rewards points at the rate of 2:3.

Do you know that holders of The Platinum Card from American Express receive FREE Marriott Bonvoy Gold status for as long as they hold the card?  It also comes with Hilton Honors Gold, Radisson Rewards Premium and MeliaRewards Gold status.

We reviewed American Express Platinum in detail here and you can apply here.

The Platinum Card from American Express

50,000 bonus points and great travel benefits – for a large fee Read our full review

You can also earn Marriott Bonvoy points indirectly:

and for small business owners:

The conversion rate from American Express to Marriott Bonvoy points is 2:3.

Click here to read our detailed summary of all UK credit cards which can be used to earn Marriott Bonvoy points

(Want to earn more hotel points?  Click here to see our complete list of promotions from the major hotel chains or use the ‘Hotel Offers’ link in the menu bar at the top of the page.)

Comments (56)

This article is closed to new comments. Feel free to ask your question in the HfP forums.

  • Richard says:

    Seems like they’ve stolen my dob and not given it back… no recognition of my birthday at Sheraton la Caleta today!

  • Russ says:

    37 comments on an article about possibly one of the biggest breaches in history versus 120 for the Christmas party!

    “Marriott reveals 500 million Starwood Preferred Guest accounts hacked – dating back to 2014
    30 NOVEMBER 2018 BY ROB 37 COMMENTS”

    “Get your HFP Christmas Party tickets at noon today (and at noon tomorrow too!)
    30 NOVEMBER 2018 BY ROB 120 COMMENTS”

    • Shoestring says:

      Released at quite different times. 8 hr difference?
      Very different subjects – fun vs serious.
      Can boast/ lament about Xmas party tickets – what can you do about data breach apart from moan?

  • James says:

    Off topic but hotel related………..Hotels.com reward night expiry……

    I foolishly have two hotels.com rewards nights which will expire very soon and I can not possibly use them in time OR earn a new rewards night in time (in order to extend the expiration).

    Does anyone know if I can do something like this below to essentially extend the expiry and thus not lose them ?

    If I book a stay of 2 nights before the expiry date using my 2 reward nights for a date after the expiry date I know that my nights won’t expire as they are booked to be used. This has been confirmed to me.

    What happens though if I need to cancel that stay later (after the expiry date but within the specific booking cancellation period) because my plans have changed ? Do I lose the 2 reward nights or will they be returned to me renewed and refreshed with another 12 months to use them ??

    Cheers.

    • BP says:

      Just book the cheapest night you can find. Somewhere like Bangkok for £3 a night. The reward night will get extended for a year even if you dont check-in.

      • BP says:

        Phnom Penh – Cool Wrong Backpacker Hostel – £2 a night – 12th December

  • James says:

    Great so crooks now have my home address along with a list of dates they know I won’t be home.

    If I am burgled can I take some sort of related legal action against Marriott ?

  • RIccatti says:

    Very fitting, given that I cannot see my own activity record of past hotel stays because of IT reasons. But someone else apparently can!

    Together with the payment card data…

  • Alex W says:

    Announcing the new loyalty scheme, Marriott Bonvoy. Say “bon voyage” to your personal data privacy!

  • Tim W says:

    “… it now virtually impossible to secure large corporate networks”
    Having just retired from the information security business, I can categorically state that this is not true. What is true, however, is that spending cash on almost anything else is seen as a lot sexier than securing information; and many – if not most – large organizations are not willing to invest in proper security measures.

  • James says:

    So they have allowed crooks to get a neat little list of the dates we won’t be in our homes along with the address of that home !!

This article is closed to new comments. Feel free to ask your question in the HfP forums.

The UK's biggest frequent flyer website uses cookies, which you can block via your browser settings. Continuing implies your consent to this policy. Our privacy policy is here.