New York attorney general opens investigation into Marriott hacking

New York's attorney general announced an investigation Friday into the Marriott data breach that may have exposed 500 million guests' information, complaining that the hotel chain did not immediately notify the attorney general's office of the breach.


Attorney General Barbara Underwood (D) said her office opened the investigation because "New Yorkers deserve to know that their personal information will be protected." 

Marriott released a statement earlier Friday that said a "hack could have exposed" information on up to approximately 500 million guests who made a reservation at a Starwood property.

The New York attorney general's office told The Hill that New York law required Marriott to alert it of the breach immediately once it was discovered. It accused Marriott of not doing so.

"Under New York law, Marriott was required to provide notification to our office upon discovering the breach; they have not done so as of yet," it said in a statement to The Hill. 

Marriott said that they were alerted to the breach by an internal security tool on Sept. 8, 2018, which revealed there had been unauthorized access to the Starwood network since 2014. It only revealed the breach publicly on Friday. 

Marriott said it has reported the hack to law enforcement and is supporting their investigation. But it is unclear exactly when the breach was reported to law enforcement, or to what department. A representative from Marriott did not immediately respond to The Hill about the attorney general's claim that the breach was not properly flagged.