Marriott International Chief Executive Arne Sorenson appeared before a Senate subcommittee Thursday (March 7) to discuss the data breach of the Starwood Hotels reservation system, saying he doesn't know if China was behind it.
According to a report in Reuters covering the hearing, Sorenson apologized for the hack that compromised the data on 383 million guests in the Starwood hotels reservation system, saying the company has taken steps to protect against any future hacks. As for China, the executive said the company doesn't know who or which country was behind the hack, but is cooperating with the FBI to figure it out. In December Reuters reported hackers left behind clues that pointed to Chinese government intelligence agencies. Meanwhile, in the same month, Secretary of State Mike Pompeo suggested China was behind the hack, the report noted.
During the testimony, Sorenson said Marriott became aware of the issue in September and notified the FBI in October. It disclosed the breach publicly at the end of November. The data breached prompted the company to speed up the shutdown of the system, something he said was completed in December.
While the executive acknowledged there was evidence of unauthorized access to the Starwood network dating back to July of 2014, he said the company's investigation found no evidence that guest data was impacted until the middle of November. He noted that since October the company has given the FBI “several updates and ready access to forensic findings and information to support their investigation,” reported Reuters. Sorenson said the company hasn't received any claims of loss from fraud due to the incident has been adding protection tools to its security offering to identify any suspicious behavior. The company now uses two-factor authentication to keep customer data more secure.
Sorenson joined Equifax's CEO in testifying before Congress Thursday. The Senate Homeland Security and Governmental Affairs Subcommittee on Investigations is holding the hearing to discuss lessons learned from the Equifax and Marriott breaches.