Starwood/Marriott Data Breach 500 Million Guests affected, Marriott fined £18.4m

Old Nov 30, 2018, 5:05 am
FlyerTalk Forums Expert How-Tos and Guides
Last edit by: MasterGeek
From Starwood Lurker team:
Please visit info.starwoodhotels.com for more information about this incident, available resources and steps you can take.

Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.

http://uk.businessinsider.com/marriott-data-breach-500-million-guests-affected-2018-11?r=US&IR=T
https://www.prnewswire.com/news-releases/marriott-announces-starwood-guest-reservation-database-security-incident-300758155.html

You can enroll here in the "identity" monitoring service provided by Marriott due to this breach. It cannot be called "credit monitoring" because it doesn't provide access to viewing credit bureau report data (as held by Equifax, TransUnion, Experian) nor notifications when credit report data changes:
https://answers.kroll.com/us/index.html
Old Nov 30, 2018, 12:42 pm
  #151  
 
Join Date: Nov 2017
Posts: 3,359
Another point of confusion, the Marriott website says Starwood Guest database security incident. Last I checked Starwood (at least from an IT and branding perspective) ceased to exist in August. It's now just one Marriott (or as I like to call it SPMarriott). I also highly doubt that only Starwood reservations are impacted by this, it's likely the whole shebang given the sheer number of records involved and it was discovered after the integration of the two IT systems (September 2018). If we didn't have Equifax, Yahoo and the dozens of other security breaches I would be surprised.

Let's hope that SPMarriott offers a better goodwill gesture to their elites than free credit monitoring, a benefit found on even the most rudimentary of credit cards.

Safe Travels,

James
FlyerTalker70 is offline  
Old Nov 30, 2018, 12:44 pm
  #152  
Suspended
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
Originally Posted by oxfordjames
Have you even read the cause of this breach? This was an SPG issue!!
The Marriott cheerleading and SPG bashing won't change the fact that this remains a Marriott issue and was an SPG issue.
24left likes this.
GUWonder is offline  
Old Nov 30, 2018, 12:51 pm
  #153  
Suspended
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
Originally Posted by 24left
Agree with punishment but I don't see any "punishment" really done to Target, TJMaxx, Yahoo, the IRS, previous hotel-related breaches and all those others. Equifax is still in business and still selling all of your information to third parties, some of whom may even be hacker orgs. Who knows.

Toothless fines have not made a dent because as the Target hack from Dec 2013 showed, companies - and banks - look at the odds and choose the path of least resistance: oh well, if it happens we'll spend some pennies and toss a few bones of refunds, new credit cards, credit monitoring etc, here and there.

Look at the recent hacks at BA and worse, CX. Responses from those questionably capable in-charges, Alex at BA/IAG and Rupert at CX: giant shrugs.

Did Arne at least offer a shrug?
The GDPR fines from the European side can be very substantial if fully applied, but so far the EU seems to be more a corporate kiss-up than anything so I'm not holding my breath waiting for a large enough fine to hit Marriott over this matter even if it is demonstrable that Marriott should be liable with a fine of say 2-4% of its revenue. Perhaps Marriott will come back and try to hit us with a 2-4% GDPR surcharge while hoping its "competitors" do the same.
24left likes this.
GUWonder is offline  
Old Nov 30, 2018, 12:59 pm
  #154  
 
Join Date: May 2003
Location: Cleveland, OH
Programs: UA-GS 1MM), Hertz Pres Circle, Starriott Titanium)
Posts: 1,966
Well at least now if I need to look up my missing spg stays, I can just download them from the dark web.
LordHamster is offline  
Old Nov 30, 2018, 1:03 pm
  #155  
FlyerTalk Evangelist
 
Join Date: Apr 2008
Location: LGA/JFK/EWR
Programs: UA 1K1.75MM, Hyatt Globalist, abandoned Marriott LTT (RIP SPG), Hertz PC
Posts: 21,168
Originally Posted by CJKatl
Can we please allow this thread to help people learn about the breach and what needs to be done without cluttering it and making it unusable because people want to use the breach as another point in their pre-existing need to brag about a program that no longer exists?
Same goes for discussions about lifetime status without cluttering it up and accusing people of being conspiracy theorists - it's a two way street
UA-NYC is offline  
Old Nov 30, 2018, 1:05 pm
  #156  
 
Join Date: May 2013
Location: New York
Programs: UA Silver, Marriott LTPP, Hertz Five Star
Posts: 1,079
Originally Posted by j2simpso
Another point of confusion, the Marriott website says Starwood Guest database security incident. Last I checked Starwood (at least from an IT and branding perspective) ceased to exist in August. It's now just one Marriott (or as I like to call it SPMarriott). I also highly doubt that only Starwood reservations are impacted by this, it's likely the whole shebang given the sheer number of records involved and it was discovered after the integration of the two IT systems (September 2018). If we didn't have Equifax, Yahoo and the dozens of other security breaches I would be surprised.
The whole of Starwood and Marriott IT was never really integrated on 08/18.

What was integrated:
  1. The rewards program was integrated under a single system, with the possibility to merge accounts from the prior legacy programs together.
  2. Booking via Marriott.com was now possible for both legacy Marriott and legacy Starwood properties as a booking engine.
What was not integrated:
  1. The existing Marriott hotels continued to use their PMS systems to connect to MARSHA (Marriott's reservation system).
  2. The existing Starwood hotels continued to use their PMS systems to connect to Starwood's Reservation system.

On the not integrated front, #2 is still very apparent for some Starwood brands on Marriott.com. Some Starwood brands have switched to Marriott Opera PMS and MARSHA as a reservation system in the past couple months (see here), but no brands were switched before September 8th, 2018 (when Marriott claims they discovered the unauthorized access to the Starwood reservation computers). In fact, some brands are still using the Starwood reservation computers.

Try this:

Search for Times Square, Manhattan, USA on Marriott.com.
Pick View Rates for the Sheraton. You remain on Marriott.com. This is because Sheratons were switched to Marriott Opera PMS/MARSHA reservations system at the end of October.
Now instead, pick View Rates for The Chatwal, a Luxury Collection Hotel, New York City. You get redirected to starwoodhotels.com, which is the old Starwood reservations system. This is because St. Regis, Luxury Collection, Aloft, and Element are still on the legacy Starwood reservations system.

In short, since the claim is that any stay from 2014 to September 10th 2018 at any Starwood property is compromised, that's totally credible given that all legacy Starwood brands were still using the legacy Starwoodhotels.com site/legacy Starwood reservation system on that date (the first batch, some Four Points hotels, were switched to MARSHA on September 18th.)
phltraveler is offline  
Old Nov 30, 2018, 1:29 pm
  #157  
 
Join Date: Aug 2018
Posts: 902
Originally Posted by GUWonder
The Marriott cheerleading and SPG bashing won't change the fact that this remains a Marriott issue and was an SPG issue.
This is a Marriott issue inasmuch as Starwood LLC is now a wholly owned division of Marriott International, and Marriott will be footing the entire bill for any of Starwood’s prior wrongdoings.

To the extent people here on FT still distinguish between legacy MR and legacy SPG programs, this is solely a SPG issue.
Twickenham likes this.
MePlatPremier is offline  
Old Nov 30, 2018, 1:36 pm
  #158  
Suspended
 
Join Date: Sep 2014
Programs: AC SE100K-1MM, NH, DL, AA, BA, Global Entry/Nexus, APEC..
Posts: 18,877
Originally Posted by phltraveler
The whole of Starwood and Marriott IT was never really integrated on 08/18.

What was integrated:
  1. The rewards program was integrated under a single system, with the possibility to merge accounts from the prior legacy programs together.
  2. Booking via Marriott.com was now possible for both legacy Marriott and legacy Starwood properties as a booking engine.
What was not integrated:
  1. The existing Marriott hotels continued to use their PMS systems to connect to MARSHA (Marriott's reservation system).
  2. The existing Starwood hotels continued to use their PMS systems to connect to Starwood's Reservation system.
On the not integrated front, #2 is still very apparent for some Starwood brands on Marriott.com. Some Starwood brands have switched to Marriott Opera PMS and MARSHA as a reservation system in the past couple months (see here), but no brands were switched before September 8th, 2018 (when Marriott claims they discovered the unauthorized access to the Starwood reservation computers). In fact, some brands are still using the Starwood reservation computers.

Try this:

Search for Times Square, Manhattan, USA on Marriott.com.
Pick View Rates for the Sheraton. You remain on Marriott.com. This is because Sheratons were switched to Marriott Opera PMS/MARSHA reservations system at the end of October.
Now instead, pick View Rates for The Chatwal, a Luxury Collection Hotel, New York City. You get redirected to starwoodhotels.com, which is the old Starwood reservations system. This is because St. Regis, Luxury Collection, Aloft, and Element are still on the legacy Starwood reservations system.

In short, since the claim is that any stay from 2014 to September 10th 2018 at any Starwood property is compromised, that's totally credible given that all legacy Starwood brands were still using the legacy Starwoodhotels.com site/legacy Starwood reservation system on that date (the first batch, some Four Points hotels, were switched to MARSHA on September 18th.)

Exactly the issue I hinted at upthread. When I go to book the W TPE or Westin LAX, the Marriott site sends me to the SPG site.

The fact that the Marriott "IT" people think this is my problem is a testament to their complete incompetence.

And the clowns at Marriott keep telling me that "the SPG properties will migrate over in December".

So, when will my missing nights, stays and points "migrate" back to me?

This is absolutely Marriott's responsibility. They bought SPG and with it the legacy and liabilities.

The fact that all of us are caught in the crosshairs of poor management, well. I wonder if Arne et al will ever be held accountable.
24left is offline  
Old Nov 30, 2018, 2:06 pm
  #159  
A FlyerTalk Posting Legend
 
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,404
Originally Posted by MePlatPremier


This is a Marriott issue inasmuch as Starwood LLC is now a wholly owned division of Marriott International, and Marriott will be footing the entire bill for any of Starwood’s prior wrongdoings.

To the extent people here on FT still distinguish between legacy MR and legacy SPG programs, this is solely a SPG issue.
Yesterday I was logged into my SPG account and looking at rates for a Sheraton. It directed me to the Starwood website (purple page with the spinning circle) and then the room rates pages I saw looked exactly as they did before the merger. Doesn't this mean that not all Sheratons have migrated to Marriott?
MSPeconomist is offline  
Old Nov 30, 2018, 2:17 pm
  #160  
 
Join Date: May 2013
Location: New York
Programs: UA Silver, Marriott LTPP, Hertz Five Star
Posts: 1,079
Originally Posted by MSPeconomist
Yesterday I was logged into my SPG account and looking at rates for a Sheraton. It directed me to the Starwood website (purple page with the spinning circle) and then the room rates pages I saw looked exactly as they did before the merger. Doesn't this mean that not all Sheratons have migrated to Marriott?
Sheratons were planned to all be migrated at the end of October 2018, I encountered the transition during a stay that checked out November 1st. What specific property are you talking about? It's possible that a few got postponed on the migration for technical reasons.

Some Starwood properties are not migrated yet (Luxury Collection, St. Regis, Aloft, Element) and other brands are switching to Marriott reservations system this week (Westin/Le Meridien/W Hotels/Design Hotels).

Rule of thumb is
  1. If the view rates page keeps you on marriott.com - property was legacy marriott or legacy starwood that has been migrated to MARSHA
  2. If the view rates page takes you to starwoodhotels.com - property is still on the legacy Starwood reservations system.
ryw likes this.
phltraveler is offline  
Old Nov 30, 2018, 2:23 pm
  #161  
 
Join Date: Dec 2006
Location: SNA
Programs: Bonvoy LTTE/AMB, AmEx Plat, National EE, WN A-List, CLEAR+, Covid-19
Posts: 4,964
If there was any (hard) evidence required of the level of irrational hatred of MR by SPG loyalists, this thread is it.

Imagine that after some time and negotiation, I finally buy a classic car I've been interested in for a while. In the process of cleaning it up to get it show-ready, I find hairs in the grill that are then later found to be connected to the victim of a fatal hit-and-run that happened years ago. If some here on FT had their way, I would be on trial for first-degree murder.
DJ_Iceman and Twickenham like this.
kennycrudup is offline  
Old Nov 30, 2018, 2:24 pm
  #162  
 
Join Date: Oct 2013
Location: ORD
Programs: UA Silver, Marriott Platinum/LT Platinum, Hilton Gold
Posts: 5,594
Originally Posted by choco
SPG is now and truly dead. Marriott is awful. Just cancelled my SPG AMEX card. Sad ending to a great Starwood program.
Hmmmm. I can't tell if this is sarcasm, there are so many things wrong in only 4 sentences. So you're stating the following:

1. SPG is dead (true!) -- perhaps you should be thankful because if it still existed, maybe the data breach would still be undetected.
2. Marriott is awful (because they found the problem in the SPG system that's been present since 2014) -- I see no connection to how you feel about Marriott as a corporation. How you should judge them on this issue is how they respond. It seems like there's more to come on that, although I haven't read through all the details yet.
3. The Starwood "program" was great because it allowed easy access for hackers. -- None of this has anything to do with either SPG's or Marriott's loyalty program.

With all due respect, you seem confused. But at least you took the correct action in cancelling your compromised credit card.

Originally Posted by X-ON
Wow what a fiasco of a merger... It is really not that interesting if we attribute this to SPG Mickey Mouse security protocols or a subpar due diligence by Marriott the end result is a fiasco merger at best or catastrophic merger at worst. Mr Sorenson should thank his lucky star if he survives this.
And how would one go about catching this during due diligence, when it hadn't been caught by the IT department operating the system on a daily basis for 2 years? Have you ever been involved in due diligence during a merger?

Originally Posted by maracle
Marriott bought Starwood, and therefore get their liability. They should be held to account. But I boggle at folks who pretty much are saying they liked the good ol' days, when their account was breached and no one knew about it.
Exactly right on all counts. Amazing that some people can't see it so simply.

Originally Posted by GUWonder
The Marriott cheerleading and SPG bashing won't change the fact that this remains a Marriott issue and was an SPG issue.
Again, right on. What defines Marriott and its leadership in this issue is how they react. You can't blame them for anything that happened until now. If they follow the merger pattern of no helpful communication to those affected by this problem, they fail. So let's give them a chance to respond and grade them after, not now as many seem to be doing. The reality is data breaches are a part of life now. I've had to change one credit card twice in just a few years. I've had my personal email accounts hacked several times over the years. I've had PayPal issues. If this causes anger and panic, I feel for those people who are going to have to live in an increasingly digital world. You have to accept the risk with the reward in any transaction these days.
JBord is offline  
Old Nov 30, 2018, 2:29 pm
  #163  
 
Join Date: Dec 2007
Location: SFO
Programs: UA 1MM, Marriott LTP, Hilton Gold, Hyatt Explorist, Hertz PC
Posts: 1,003
Originally Posted by TravelinSperry
Exactly. The primary issue of all this is identity theft. If a thief has enough info (SS#, Passport, addresses, etc.) they could attempt to pretend they are you and open credit lines using your info. Then they could run up credit and not pay and the institution may go after you (thinking you're the one who did it). If it happens it's a long drawn out process to prove it wasn't you. With that said, banks (etc.) oftentimes put you through the 5 question security check which the thieves need to get through (and that info is not always avail on the data they stole). In fact, I even sometimes get my 5 questions wrong as they sometimes go back decades. So even with our passport # and ss#, etc. - it's not that easy to imitate someone.

If you're really worried you can join an identity theft service or buy an umbrella policy that covers Identity theft.

I think most people just get upset that their data was stolen and they don't like the feeling of it being out there. But in reality, it's a very small % of people who are ultimately victims of identity theft (but for those who are it's a huge headache). I had a friend who was and it took her over a year of work and some real funds to straighten it out.
I haven’t seen any credit applications asking for someone’s passport number. If it’s the cover page of a passport, I can see that the DOB and DOP could potentially be useful. But the number?

A guest on Neil Cavuto’s morning show said criminals could duplicate passports by using someone’s passport number. I am not so sure. I have heard that a physical passport can be used to make a fake - but with just a number?

So I am really not so sure about the usefulness of one’s passport number to a criminal. Perhaps we shouldn’t worry about it? Anyone else care to enlighten us?
naumank is offline  
Old Nov 30, 2018, 2:31 pm
  #164  
 
Join Date: Sep 2006
Location: HNL
Programs: UA GS4MM, MR LT Plat, Hilton Gold
Posts: 6,447
Lots of paranoia in this thread.

Data breaches aren't exactly uncommon. And just because you can see or read the data, doesn't mean you can actually do anything with it if it is encrypted or incomplete.

If the door has been open at least 4 years - I'd certainly think someone by now would have been impacted - and I haven't read anything that any particular person has had an issue.
C17PSGR likes this.
HNLbasedFlyer is offline  
Old Nov 30, 2018, 2:33 pm
  #165  
Suspended
 
Join Date: Sep 2014
Programs: AC SE100K-1MM, NH, DL, AA, BA, Global Entry/Nexus, APEC..
Posts: 18,877
Originally Posted by kennycrudup
If there was any (hard) evidence required of the level of irrational hatred of MR by SPG loyalists, this thread is it.
......
I've been a member of BOTH SPG and Marriott well over a decade. So my anger and frustration is directed at the CUMULATIVE experiences I have had with Marriott, particularly the poor quality of agents and the non-existent customer service and support. In the same period of time, the SPG experience has been significantly better. I've always stayed at hotels in both chains and I had no preference for one company over the other as choice in hotels was based on location and price.

The breach is secondary to the collective punishment many of us feel because of the merger, the IT issues alone prior to this breach and the often "poor" responses from Marriott execs and yes, Arne. Some of the fluff in yesterday's WSJ article as well as other public comments he has made, are perfect examples.

So, you may think some SPG-loyalists have a hate-on for Marriott, especially given how poor the merger and integration was and now with this breach. I think plenty were not thrilled long before and especially those of us who were members of both.
24left is offline  

