Marriott International Chief Executive Arne Sorenson is set to testify before a U.S. Senate panel about a hacking incident that exposed the records of up to 383 million customers.
The breach, which may be among the largest in history, was revealed in November 2018. The company said that an alert was raised in September from an “internal security tool” that access to guests’ information had been attempted. An investigation then revealed that the unauthorized access had been happening since 2014. During that time, unauthorized parties had been able to copy and encrypt information that resided in the Starwood database, including around 25.55 million passport numbers, 5.25 million of which were stored in plain text. Another 8.6 million encrypted payment cards were also taken in the attack.
While at least five U.S. states and the U.K.’s Information Commissioner’s Office are investigating the breach, a report in December claimed that attack was part of a wider campaign by China to gather information, which included hacking into health insurance companies and security clearance files of millions of people living in the U.S. The report noted that the hackers are believed to be employed by the Ministry of State Security, which is China’s spy agency.
In the meantime, the Senate Permanent Subcommittee on Investigations is holding a hearing “to examine the causes and scope of private sector data breaches that expose the most sensitive information of millions of Americans.”
In addition to Sorenson, Equifax Chief Executive Mark Begor will also be testifying about company’s 2017 hack that impacted 148 million people. The committee also plans to release a report on the credit reporting agency “detailing the repeated security failures over the years on the part of Equifax that led to the devastating breach in 2017.”
Marriott noted that it has successfully phased out the Starwood reservations database, which was acquired in September 2016 when it purchased Starwood for $13.6 billion.