BUSINESS: Marriott data security breach is credit negative says Moody\’s

Marriott International’s revelation that the Starwood guest reservation database had been breached, potentially affecting up to 500 million guests is a credit-negative event, Moody's said.

“The key risks to the breach include the potential for direct costs associated with the investigation, as well as any litigation or liability that Marriott may have with respect to compromised data,” the rating agency said.

It said, based on similar events, it will take months before the company can quantify the costs.

Marriott stated that it carries cyber insurance and is working with the insurance companies to determine coverage.

“Longer-term risks to Marriott include any concerns guests may have about staying at a Marriott property because Marriott and Starwood merged their rewards program in August (Marriott acquired Starwood in 2016),” said Moody’s.

It added: “Management appears to be moving quickly to assess how the breach occurred, the extent of the information stolen, and how to enhance their systems as they phase out the Starwood systems.”

Marriott has begun notifying affected guests and has set up a website and call centre to assist guests with questions they may have.

The company is also offering monitoring services and fraud consultation services to affected guests.

“Although it is too early to assess the potential financial effect, we expect that Marriott will maintain its adequate liquidity profile and its commitment to conservative financial objectives, including maintaining leverage consistent with its stated target of 3.0x-3.5x.”