Who doesn’t love a good rewards program? Now I’m not talking about a convoluted program like the new system Uber plans on releasing, I mean a “buy two sandwiches, get the third hoagie free” caliber loyalty program. Something that lets me know, as a consumer of whatever product or service I’m being loyal to, that I matter, and my business matters. If you’ve ever managed to scrape together enough shekels to stay multiple nights at a Marriott (MAR) resort, you probably opted in or were secretly signed up, for the Starwood Preferred Guest system, or “SPG” for those of us in a time pinch. Just to give you a brief glimpse into the SPG program, SPG members earn six points per dollar spent and use these points to “pay” for nights in Marriott properties at the cost of 10,000 points per night.
Like I said, several shekels are needed.
Having said that, Marriott International (MAR) may need to beef up their rewards system to keep customers happy after the company announced Friday that its Starwood reservations database had been breached by hackers and the personal information of 500 million guests may have been stolen, according to several sources. According to the Washington Post, the breach involved guest data mined from the database for all Starwood-affiliated properties, including Sheraton, Westin, and St. Regis hotels. Given the sheer number of people whose private information may have been stolen as a result of the Starwood breach, this event represents one of the biggest cybersecurity breaches in history.
Arne Sorenson, president, and chief executive officer for Marriott International (MAR), crawled out of whatever suite he slept in the night before the breach, threw on some slacks, and delivered a statement to the press:
“We deeply regret this incident happened. We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, using lessons learned to be better moving forward. Today, Marriott is reaffirming our commitment to our guests around the world. We are working hard to ensure our guests have answers to questions about their personal information…”
–Arne Sorenson, President and Chief Executive Officer, Marriott International
However earnest and heartfelt Sorenson’s statement might be, customers and investors in the hotel chain didn’t take the bate. As a result of the massive data breach, Marriott’s (MAR) shares dropped 5% in a mixed market, trading at $114.95 per share on Friday. The market’s reaction to the news is warranted because, as key analysts have pointed out, of how uncertain Marriott (MAR) is on the potential impact to the millions of customers whose data was infiltrated.
What’s both interesting and concerning about the data breach is that, according to Marriott’s (MAR) announcement regarding the details of the event, the company received an alert regarding a potential security threat on September 8, 2018. After investigating the alert, Marriott’s (MAR) cybersecurity team discovered that “there had been unauthorized access to the Starwood network since 2014.” If this is true, why did it take the company four years to address and correct the intrusion? Some analysts are speculating that Marriott was so caught up in the Starwood merger in 2016 that they simply overlooked the entire debacle.
The recent downtrend in price characterizes the volatility of the news. As the stock price continues to fluctuate, only time will tell how long it takes to re-stabilize. As one of the industry leaders, Marriott (MAR) has a high correlation to other large-cap hospitality businesses which means that other hotel chains in the space should take the news of the data breach as justification for implementing more security measures for their customer data.
