If you value your data privacy, Starwood Points might end up costing you more than they've saved.

Marriott International, Inc. disclosed a data breach of its Starwood guest reservation database on Friday. It estimates that the hack has affected 500 million customers, and acknowledged that the compromise had gone undetected for four years; hackers have had access to components of the database since 2014, and Marriott only became aware of any security issue in September 2018.

SEE ALSO:Facebook fined £500K for 'serious breaches' of data protection law

Yep, that means somebody had four years of unfettered access to a massive database of world travelers and their personal and potentially financial information. It's one of the biggest breaches in history, behind Yahoo's 2013 email hack, which affected 3 billion users.

Marriott is still determining exactly what information was accessed. The Starwood database manages customer reservations for multiple hotels including W Hotels, St. Regis, Sheraton Hotels & Resorts

It believes that 327 million of those guests had personal information taken, including — but not limited to! — this fun list:

Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.By signing up you agree to our Terms of Use and Privacy Policy.Thanks for signing up!

Name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.

What hospitality!

The database had more intense encryption for financial information. But Marriott says that it is not ruling out the possibility that hackers had access to credit card data as well.

"There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken."

The breach for the remaining ~170 million affected customers "was limited to" names, as well as, "sometimes other data."

Some legal experts wonder when companies will realize that collecting this amount of data on their customers is more of a liability than it is a business opportunity. Some companies make money selling data. However, when those databases are breached, it can result in hefty fines and a lot of public ill will; Yahoo recently had to pay the SEC $35 million for a 2014 breach affecting 500 million users. Does that magic number sound familiar, Marriott?

Marriott has set up a dedicated website and call center to answer questions about the breach. They are providing a year of WebWatcher to customers who used Starwood between 2014 and September 2018, a service that provides an alert if your data shows up in hacker marketplaces.

Marriott says it "deeply regrets" the incident. But that sentiment isn't saving their customers' privacy, now is it.

---

Featured Video For You

---

Facebook's Portal is coming at a very odd time — Technically Speaking

---

TopicsCybersecurityPrivacy