Marriott International announced on Friday, November 30th that it had suffered a massive breach of customer data in the Starwood guest reservation database. An investigation determined that there was unauthorized access to the database, which contained information for up to 500 million guests, who made reservations at Starwood properties on or before September 10, 2018.

For approximately 327 million guests, the breached information includes some combination of name, mailing address, phone number, email address, passport number, SPG account information, date of birth, gender, arrival and departure information, reservation date and communication preferences. For some, the information also included payment card numbers and expiration dates.


Marriott has established a dedicated website ( and a call center to answer questions about the breach. The company will also be sending emails on a rolling basis to affected guests whose email addresses are in the Starwood guest reservation database. For more information, check out Marriott’s press release here.

Although Marriott has not stated whether only direct bookings were compromised, that was certainly the case when British Airways experienced a similar breach staring in late August 2018.

If your travelers are booking directly with a hotel instead of booking hotel stays through World Travel, your entire program is taking on more risk. Here’s why.

3 Reasons to Book Hotel Stays Through Your TMC

1. Duty of Care

Risk Management is one of the most important concerns for any travel program. It’s important to have the right TMC on your side, one that can provide real-time traveler tracking, alerts and notifications to both travelers and travel managers, itinerary-accessible security information, mobile access, etc.

If your travelers are making all bookings through World Travel, we will be able to provide accurate reporting on where your travelers are and what security issues may impact them. However, if your travelers are booking directly with a supplier (airline, hotel, or car rental), providing that level of support can be tricky.

2. Consolidated Data

Having consolidated and accurate booking data is not only a best practice for duty of care purposes – it is also helpful for business decisions and supplier negotiations. If your travelers, for example, are booking directly with the hotel, overall analysis of your hotel program becomes more manual, making it more difficult to answer the most important questions. For example, what percentage of your bookings are with preferred hotels? How many room nights?

3. Increased Support

Booking outside of your TMC also impedes support in situations like data breaches. For example, if all Marriott/Starwood bookings were breached from all sources – it would be easy for World Travel to generate a report identifying the Marriott/Starwood reservations that may have been compromised.

If you’re looking for strategies to combat these risks and keep your travelers from going rogue or direct, just let us know. Feel free to drop us a line below, contact your World Travel, Inc. Account Manager, or reach out to our sales team at

Tiffany Zerby

Written by Tiffany Zerby