WASHINGTON—Marriott International Chief Executive Arne Sorenson will testify before a Senate panel on March 7 about a hacking incident the company reported in November 2018 that exposed the records of as many as 383 million customers in its Starwood hotels reservation system and 5.25 million passport numbers.
The Senate’s Permanent Subcommittee on Investigations is holding a hearing “to examine the causes and scope of private sector data breaches that expose the most sensitive information of millions of Americans.”
The hearing will also include Equifax Chief Executive Mark Begor, who will discuss the company’s 2017 disclosure of the hacking of sensitive data of about 148 million people. That massive breach sparked calls for changes by Congress to credit-reporting companies’ handling of data.
Marriott disclosed on Nov. 30 last year that it had discovered its Starwood hotels reservation database had been hacked over a four-year period, in one of the largest breaches in history. At least five U.S. states and the UK’s Information Commissioner’s Office are investigating the attack.
A company spokeswoman confirmed Sorenson that would testify but declined to comment further.
Marriott also said that it had completed an effort to phase out the Starwood reservations database that it acquired in September 2016 with its $13.6 billion purchase of Starwood. The hack began in 2014, a year before Marriott offered to buy Starwood.
The company initially said records of up to 500 million guests were involved before revising its estimate upward in January.
The hotel operator also said that some 25.55 million passport numbers were stolen in the attack on the Starwood Hotels reservation system, 5.25 million of which were stored in plain text. Another 8.6 million encrypted payment cards were also taken in the attack, it said.
The Senate panel also will hear from the Federal Trade Commission’s director of the Bureau of Consumer Protection and others “to focus on policies Congress could consider in order to help prevent future cyberattacks and data breaches.”
The committee also plans to release a report on Equifax “detailing the repeated failures over the years on the part of Equifax that led to the devastating breach in 2017.”
Marriott said last week that in the fourth quarter of 2018, it incurred $28 million in expenses and recognized $25 million of insurance proceeds related to the data security incident.
By David Shepardson