A massive data breach disclosed by Marriott International on Friday affected 500 million guests worldwide, and may have compromised the personal information of many prominent Africans.
Many African leaders who attended the United Nations General Assembly in New York in September lodged at several of Marriott’s global brands.
The Wall Street Journal, one of the first American newspapers to report on the hack, said the large data breach could only be rivaled by the theft of information in 2013 and 2014 from the internet company Yahoo, when at least 3 billion people worldwide were affected.
The latest hack occurred in the reservation system for Marriott’s Starwood properties, which Marriott bought in 2016 for $13.6 billion.
Marriott has more than 6,700 properties world-wide under 30 hotel brands.
WSJ said the brands within the Starwood Hotels & Resorts Worldwide unit account for about a third of the company’s total collection, including Sheraton, W Hotels, Westin, Le Méridien, Four Points by Sheraton, Aloft, St. Regis, Element, The Luxury Collection, Tribute Portfolio, and Design Hotels.
Marriott other brands include global names such the Ritz-Carlton and Renaissance.
WSJ quoted security analysts as saying that the range of customer data potentially compromised—such as names, passport numbers, travel details and payment-card data—make the breach even more sensitive.
“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward,” Marriott Chief Executive Arne Sorenson said.
While Marriott said it would begin informing those affected by the breach, it remains unclear how many Africans, especially the continent’s top businessmen and women and politicians who often used Marriott’s luxurious brands have been affected.
It was also clear whether the company will inform guests who reside outside of the United States or Africa in particular.
Marriott said an internal security tool alerted it to a potential breach on Sept. 8, and after an investigation, the company found that the Starwood guest database may have been compromised since 2014.
The database contained information for guests who made reservations on or before Sept. 10 at Starwood hotels globally.
“Marriott warned that for roughly two-thirds—or 327 million—of the guests potentially affected, an unauthorized party may have gained access to names, passport numbers and travel details. The company said that in some cases payment-card numbers are typically encrypted, though it couldn’t rule out that card information was stolen,” The Wall Street Journal said.