Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Rebecca Zisser/Axios

Marriott's disclosure of a data breach — dating back to 2014 and affecting as many as 500 million customers — puts the hotel industry under a harsh regulatory microscope and could be a test case for Europe's stringent new data laws.

The big picture: This would be the 2nd biggest breach of all time, trailing only Yahoo! in 2013, based on Marriott's initial disclosure. This is by far the biggest breach disclosure since the European laws came into effect earlier this year.

The breach was in the Starwood reservations system, which has 11 brands and roughly 1,200 properties in its portfolio, including Sheraton, St. Regis, Westin and W Hotels. Marriott bought Starwood for $13.6 billion in 2016.

  • "For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences," the company said in a statement.
  • "For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128)."
  • "There are two components needed to decrypt the payment card numbers..."
  • "At this point, Marriott has not been able to rule out the possibility that both were taken."

Between the lines: "The Marriott hack joins a list of breaches to hit the hospitality industry in recent years. Security analysts say the industry is a ripe target for criminal actors because of the wealth of financial and other information flowing through payment and reservation systems." [WSJ]

  • "Given the volume and sensitivity of personal data taken, and the length of the breach, Marriott 'has the potential to trigger the first hefty G.D.P.R. fine,' said Enza Iannopollo, a security analyst with Forrester Research, referring to the European data protection law enacted earlier this year." [NYT]
  • "News of the breach sparked questions among cybersecurity experts about whether the hackers were criminals collecting data for identity theft or nation-state spies collecting information on travelers worldwide, including possibly diplomats, business people or intelligence officials as they moved around the globe." [Washington Post]

What's next: "Attorneys general in Connecticut, Illinois, Massachusetts, New York and Pennsylvania said they would investigate the attack, as did the UK’s Information Commissioner’s Office," Reuters reported.

The bottom line: "With all of the big breaches, it's easy to get apathetic about security," Axios cybersecurity reporter Joe Uchill explains. "I no longer blink unless breaches affect more than 1 million people, which was still a huge number of accounts just a few years ago."

  • "But it's important to remember that every data breach presents danger to millions of people, and possibly to you."

Go deeper: Behind the Marriott breach's "500 million affected" tally

Subscribe to Axios AM/PM for a daily rundown of what's new and why it matters, directly from Mike Allen.
Please enter a valid email.
Please enter a valid email.
Server error. Please try a different email.
Subscribed! Look for Axios AM and PM in your inbox tomorrow or read the latest Axios AM now.

Go deeper

30 mins ago - World

World leaders react to "new dawn in America" under Biden administration

President Biden reacts delivers his inaugural address on the West Front of the U.S. Capitol on Wednesday. Photo: Alex Wong/Getty Images

World leaders have pledged to work with President Biden on issues including the COVID-19 pandemic and climate change, with many praising his move to begin the formal process for the U.S. to rejoin the Paris Climate Agreement.

The big picture: Several leaders noted the swift shift from former President Trump's "America First" policy to Biden's action to re-engage with the world and rebuild alliances.

Updated 4 hours ago - Politics & Policy

In photos: The Biden and Harris inauguration

President Biden and first lady Jill Biden watch a fireworks show on the National Mall from the Truman Balcony at the White House on Wednesday night. Photo: Chip Somodevilla/Getty Images

President Biden signed his first executive orders into law from the Oval Office on Wednesday evening after walking in a brief inaugural parade to the White House with First Lady Jill Biden and members of their family. He was inaugurated with Vice President Kamala Harris at the U.S. Capitol on Wednesday morning.

Why it matters: Many of Biden's day one actions immediately reverse key Trump administration policies, including rejoining the Paris Agreement and the World Health Organization, launching a racial equity initiative and reversing the Muslim travel ban.

Republicans pledge to set aside differences and work with Biden

President Biden speaks to Sen. Mitch McConnell after being sworn in at the West Front of the U.S. Capitol on Wednesday. Photo: Erin Schaff-Pool/Getty Images

Several Republicans praised President Biden's calls for unity during his inaugural address on Wednesday and pledged to work together for the benefit of the American people.

Why it matters: The Democrats only have a slim majority in the Senate and Biden will likely need to work with the GOP to pass his legislative agenda.