Marriott Hotels: Why a sorry wouldn’t have gone amiss

Recently we wrote a blog which argued that brands often seem to issue apologies when they don’t need to.

But there are of course plenty of situations where brands really do need to say ‘sorry’.

And one of those, I would suggest, is when you have lost the data of up to 500 million people.

No that isn’t a misprint. That eye-watering figure was revealed by Marriott Hotels in a statement on Friday about the database of its Starwood reservation being compromised.

To put it into some kind of perspective, when the boss of British Airways was doing the media rounds in September, it was because a data hack had affected around 380,000 transactions. When Cathay Pacific found itself in full crisis media management mode in October, it was because it had lost sensitive information on 9.4million people.

Marriott brought Starwood in 2016 to create the world’s biggest hotel chain. Its data breach is not the biggest ever seen - that dubious honour goes to Yahoo - but it is up there.

And it is particularly troubling for those affected as the lost data includes combinations of names, addresses, phone numbers, email addresses, passport numbers and payment details.

Yet its 646 word statement does not include the word sorry. The closest we got was ‘regret’.

Here’s the quote from Arne Sorenson, the company’s president and chief executive, which forms the key part of the statement.

“We deeply regret this incident happened.

“We fell short of what our guests deserve and what we expect of ourselves.  We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

“Today, Marriott is reaffirming our commitment to our guests around the world.  We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call centre.  We will also continue to support the efforts of law enforcement and to work with leading security experts to improve.  Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network,”

Not only is the statement, which is titled ‘Marriott Announces Starwood Guest Reservation Database Security Incident’ bizarrely lacking in remorse, but it also feels like it is packed with stock corporate response lines – ‘lessons learned’ and ‘moving forward’ being among the chief offenders.

It has the feel of something which has been put together by committee and gone through an extensive sign-off process.

The other big issue for me with the statement is that the key bit – the quote from the boss – is somewhat buried, although that may be because they couldn’t find anything interesting for him to say.

The quote should be near the top of the response to show that the organisation’s managers are leading the management of the incident. It also an opportunity for them to show that they really care.

However, there are some parts of this crisis media management response which I liked. The dedicated website and call centre and the offer of fraud-checking services are good moves which will help the company’s cause.

The email notification for customers is also a good idea, but why did it only begin to send the emails on Friday (30/11), when it first knew of the intrusions at the start of September and had determined what was stolen by November 19?

The final thing to look at is the hotel chain's use of social media. The Marriott International account, which has 425,000 followers, has posted about the breach - albeit in a pretty low key fashion, which could easily be missed.  It tweeted: “Marriott values our guests and understands the importance of protecting personal information. For more information on the Starwood guest reservation database security incident, please visit”

People who tweeted this account with concerns were met with a generic response.

There is no mention of it on the Marriott Hotels account (@marriott), even though that is the handle most people talking about the incident are using.  Neither is there any mention of it on the Starwood Hotels account.

Data breaches are an increasingly common cause of crisis media management incidents. It feels like barely a day goes by without one being reported and it surely will not be long until another brand finds itself in the firing line.

When that happens, I recommend they begin by saying sorry – it really shouldn’t seem to be the hardest word to say.


Find out more about preparing for a crisis by downloading our free crisis media management eBook. It includes a guide to helping you identify the right spokesperson, messaging templates and a risk register to help you identify your organisation’s vulnerabilities.


Media First are media and communications training specialists with over 30 years of experience. We have a team of trainers, each with decades of experience working as journalists, presenters, communications coaches and media trainers. 

Click here to find out more about our highly practical crisis communication training.


Subscribe here to be among the first to receive our blogs.


Our Services

Media First are media and communications training specialists with over 30 years of experience. We have a team of trainers, each with decades of experience working as journalists, presenters, communications coaches and media trainers.

Online learning
Training by videoconference
Media training
Message development and testing
Presentation skills training
Crisis management testing
Crisis communication training
Leadership communication training
Writing skills training
Social media training
Video sound bites
Identifying positive media stories
How to film and edit professional video on a mobile
Media skills refresher
Media skills
TV studios
Crisis communications
Presentation skills and personal impact
Media training NEW21
Ways - Online learning
Ways - Videoconference
Ways - Blended
Ways - In-Person

Recommended Reading

Crisis management — 4 March by Adam Fisher

The picture that went viral and destroyed a reputation

Few people without an interest in horse racing would have heard of Gordon Elliott until recently. But one viral image has ensured he is now known across the world. And not for the reasons he, or…

Crisis management — 2 March by Adam Fisher

5 poorly handled crisis incidents and the lessons you can learn from them

We recently looked at some crisis media management incidents that had been handled well. But what about those responses which were not managed quite so successfully? In this blog, we are going to…