Commerce Committee Leaders Seek Answers on Marriott Data Breach

December 4, 2018

WASHINGTON – U.S. Sens. John Thune (R-S.D.), chairman of the Senate Committee on Commerce, Science, and Transportation, Roger Wicker (R-Miss.), chairman of the Subcommittee on Communications, Technology, Innovation, and the Internet, and Jerry Moran (R-Kan.), chairman of the Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security, have sent a letter to Mr. Arne M. Sorenson, the president and chief executive officer of Marriott International following news that the company had identified a cybersecurity incident impacting an estimated 500 million consumers. 

Excerpt from the letter to Marriott International:

“Of the estimated 500 million consumers impacted by the breach, approximately 327 million of those guests reportedly had a combination of customer data, including personally identifiable information exposed, including name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preference.  Additionally, sensitive payment information like payment card numbers and payment card expiration dates were also apparently exposed, but Marriott stated that this specific information was encrypted using the Advanced Encryption Standard (AES-128), which requires two individual components to decrypt the information.  Nevertheless, Marriott has also clarified that the company has not yet ruled out that these decryption keys were also taken as a result of the breach.” 

In the letter, Sens. Thune, Wicker, and Moran question Mr. Sorenson on details related to when the breach began, what consumer information was compromised, and investigative efforts Marriott International has taken since detection.  

Read the full letter to Marriott International President/CEO here. The Commerce Committee exercises jurisdiction over consumer protection and cybersecurity.