How Could Starwood Data Breach Have Gone Unnoticed For Four Years?

I ripped Marriott earlier today for waiting nearly three months to announce that Starwood hotels customer data had been hacked.

In hindsight, I should have focused my questioning not on the timing of the announcement but on the extraordinary amount of time that the breach had been occurring undetected four years.

Unauthorized access to the Starwood network started in 2014, Marriott announced Friday. That explains why so many peoples information may have been exposed as many as 500 million Starwood guests.

Theres no way that should happen.

In a news release, Marriott said that for about 327 million guests, information that could have been exposed includes name, address, phone number, email address, passport number, Starwood Preferred Guest account information, birth date, gender, arrival and departure dates, reservation date and communication preferences. For some, the information also includes payment card numbers and expiration dates. The card numbers were encrypted in the database, but Marriott said it cant rule out the possibility that the encryption keys were stolen, too.