News Releases

WASHINGTON – U.S. Senator Jerry Moran (R-Kan.) – chairman of the Senate Commerce Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security – along with U.S. Senators John Thune (R-S.D.), chairman of the Senate Committee on Commerce, Science, and Transportation, and Roger Wicker (R-Miss.), chairman of the Subcommittee on Communications, Technology, Innovation, and the Internet, sent a letter to Marriott International President and Chief Executive Officer Arne M. Sorenson following reports that the company had identified a cybersecurity incident impacting an estimated 500 million consumers.

“Of the estimated 500 million consumers impacted by the breach, approximately 327 million of those guests reportedly had a combination of customer data, including personally identifiable information exposed, including name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preference,” the senators wrote. “Additionally, sensitive payment information like payment card numbers and payment card expiration dates were also apparently exposed, but Marriott stated that this specific information was encrypted using the Advanced Encryption Standard (AES-128), which requires two individual components to decrypt the information.  Nevertheless, Marriott has also clarified that the company has not yet ruled out that these decryption keys were also taken as a result of the breach.”

In the letter, Sens. Thune, Wicker, and Moran question Mr. Sorenson on details related to when the breach began, what consumer information was compromised, and investigative efforts Marriott International has taken since detection. The Commerce Committee exercises jurisdiction over consumer protection and cybersecurity. 

Full text of the letter can be found here.


Related Files