In 2018, Marriott had a massive data breach. This week, Marriott International admitted that it had wrongly claimed to have used strong AES-128 encryption to protect customer data. Instead, it was revealed that they used SHA-1, a much weaker security method. This revelation came after more than 5 years of Marriott asserting that the data was securely encrypted, which misled investigations and could have impacted the handling of the breach. Courts ordered Marriott to update its claims on its website, highlighting the serious implications of the misrepresentation for both Marriott and data security standards. This shameful approach is continuing, as Marriott hid their admission in a 5 year old press release.

Marriot revealed in a court case around a massive 2018 data breach that it had been using secure hash algorithm 1 and not the much more secure AES-1 encryption as it had earlier maintained.