Go Back  FlyerTalk Forums > Miles&Points > Hotels and Places to Stay > Marriott | Marriott Bonvoy
Reload this Page >

Marriott Data Breach [from Starwood database] : 500 Million Guests affected

Marriott Data Breach [from Starwood database] : 500 Million Guests affected

    Hide Wikipost
Old Apr 4, 19, 10:42 pm   -   Wikipost
Please read: This is a community-maintained wiki post containing the most important information from this thread. You may edit the Wiki once you have been on FT for 90 days and have made 90 posts.
 
Last edit by: MasterGeek
Wiki Link
From Starwood Lurker team :
Please visit  info.starwoodhotels.com  for more information about this incident, available resources and steps you can take.

Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.

http://uk.businessinsider.com/marrio...8-11?r=US&IR=T
https://www.prnewswire.com/news-rele...300758155.html

You can enroll in the "identity" monitoring service provided by Marriott due to this breach here, it cannot be called "credit monitoring" because it doesn't provide access to viewing credit bureau report data (as held by Equifax, TransUnion, Experian) nor notifications when credit report data changes :
https://answers.kroll.com/us/index.html
Print Wikipost

Reply

Old Feb 24, 19, 5:49 pm
  #466  
 
Join Date: Oct 2004
Location: Bay Area
Programs: DL SM, UA MP.
Posts: 9,865
So I once had an SPG Amex and stayed at at some Starwood properties, booked through the Starwood site.

All in the US, so I don't believe I ever gave them my passport.

Also may have stayed at a Courtyard but booked through 3rd-party sites. Never had an account at Marriott's web site.

Now I have been automatically given some kind of Marriott status as a UA MP Gold and maybe I clicked on a link but never set up any kind of login and never booked though their site.

Do I need to inquire as to whether I was hacked? Well I've been hacked before so my credit report is frozen at the 3 bureaus.

Marriott sounds like a sleazy company, apart from the data hack and their response to it. I guess they're charging thousands of dollars as deposit for people who redeem nights or stays too.
wco81 is online now  
Reply With Quote
Old Mar 1, 19, 3:08 pm
  #467  
 
Join Date: Apr 2017
Location: FRA
Programs: Hilton Dia, Marriott PP, UA *G, SK Dia
Posts: 130
So I had filled out the data form to figure out whether my data was affected a couple weeks ago and today I received this:

Based on the information you provided to us, we believe that your information was involved. Following our analysis, we believe that the following information about you was involved in the incident:

∑ Name
∑ Birthdate
∑ Birthday (Month and Day Only)
∑ Address Information
∑ Primary Email Address
∑ Primary Phone Number
∑ Other Phone Information
∑ Passport Issuing Country
∑ Starwood Preferred Guest (SPG) Number
∑ Starwood Preferred Guest (SPG) Loyalty Status and Balances
∑ Guest Frequent Traveler Program Information
∑ Starwood Executive Traveler Number
∑ Guest Opt-In Preferences
∑ Email Communication Preferences
∑ Reservation Details
∑ Flight Information
∑ Central Starwood Unique Record Locator
∑ Employed at Starwood (Y/N)
∑ Record History Information
Not sure what I had expected, but it seems like credit card information was not exposed (if you can believe this information ).
flockavelliFT is offline  
Reply With Quote
Old Mar 1, 19, 4:03 pm
  #468  
 
Join Date: Apr 2003
Location: DEN/BDL/LGA/HPN
Programs: Marriott Ambassador; AA EXP 2MM; AS MVP, Hilton Gold, CH-47/UH-60/C-23/C-130 VET
Posts: 4,948
Originally Posted by flockavelliFT View Post
So I had filled out the data form to figure out whether my data was affected a couple weeks ago and today I received this:

Not sure what I had expected, but it seems like credit card information was not exposed (if you can believe this information ).
I believe the American Express CEO noted in response to questions about the breach at the earnings call that they had not seen any unusual activity with the SPG Amex Cards.

And, of course, sophisticated state actors seeking to continue to develop a massive database of information don't usually use your credit card info.
C17PSGR is offline  
Reply With Quote
Old Mar 1, 19, 5:01 pm
  #469  
SPG 5+ Badge
 
Join Date: Jun 2003
Location: La Jolla, CA
Programs: Ambassador, Lifetime Titanium, Delta Plat, Hilton Diamond (C) Hyatt Explorist (M)
Posts: 2,426
Could be related, could be a coincidence, but last night Amex fraud called me because someone tried to charge my old Legacy Amex SPG card that hasnít been out of my possession.
damon88 is offline  
Reply With Quote
Old Mar 4, 19, 12:24 pm
  #470  
 
Join Date: Sep 2009
Location: London
Posts: 163
I've filled out the data form and got response that my data was taken, including passport details. The email didn't take a lot of time and was clear. Since I'm not in US, if I'm not mistaken, Marriott is not offering anything, no sort of protection and/or monitoring?
With Marriott and BA breaches impacting me, all my information is now out in the wild.
bruno-s is offline  
Reply With Quote
Old Mar 4, 19, 1:30 pm
  #471  
 
Join Date: Oct 2004
Location: Bay Area
Programs: DL SM, UA MP.
Posts: 9,865
What are the reasons to continue to patronize Marriott, given their shoddy business practices, not just with data protection but charging big deposits without disclosure on award redemptions?

Is it that they're too big now, with so many hotel chains and brands?

Or that they offer all those points with credit card offers these days?
wco81 is online now  
Reply With Quote
Old Mar 4, 19, 1:42 pm
  #472  
 
Join Date: Dec 2006
Location: SJC
Programs: Bonvoy Tit Forever, AmEx Plat, National EE, WN CP, CLEAR
Posts: 3,576
None. Please stop giving them business.

(... one fewer Elite I have to compete with now )
kennycrudup is offline  
Reply With Quote
Old Mar 4, 19, 1:45 pm
  #473  
 
Join Date: Oct 2004
Location: Bay Area
Programs: DL SM, UA MP.
Posts: 9,865
I think I stayed once at Marriott hotel and I didn't collect points or anything, booked through booking.com.

I may have some kind of status because I'm a UA Gold. Somehow I get emails from them.

But I've never logged into their site (I was an SPG member several years ago though, for a brief time).
wco81 is online now  
Reply With Quote
Old Mar 4, 19, 2:53 pm
  #474  
 
Join Date: Jan 2016
Programs: UA 1K; *G, AA Plat
Posts: 1,669
Originally Posted by flockavelliFT View Post
So I had filled out the data form to figure out whether my data was affected a couple weeks ago and today I received this:



Not sure what I had expected, but it seems like credit card information was not exposed (if you can believe this information ).
Just so I can search my "spam" box, can you say who/where this email came from?
laxmillenial is offline  
Reply With Quote
Old Mar 4, 19, 5:36 pm
  #475  
 
Join Date: Apr 2017
Location: FRA
Programs: Hilton Dia, Marriott PP, UA *G, SK Dia
Posts: 130
Originally Posted by laxmillenial View Post
Just so I can search my "spam" box, can you say who/where this email came from?
Email is from "[email protected]" and the subject contains "Your Privacy Request needs action".
flockavelliFT is offline  
Reply With Quote
Old Mar 4, 19, 6:11 pm
  #476  
 
Join Date: Mar 2018
Location: Virginia
Programs: Hyatt / SPG
Posts: 61
Marriott CEO to testify before U.S. Senate panel on data breach

Looks like Arne is in some deep trouble now BonVoy is about to be turned into a bonfire

https://www.cnbc.com/2019/03/04/reut...ta-breach.html

Last edited by Star_Guy; Mar 4, 19 at 6:22 pm
Star_Guy is offline  
Reply With Quote
Old Mar 4, 19, 6:16 pm
  #477  
A FlyerTalk Posting Legend
 
Join Date: Apr 2013
Location: SFO
Programs: UA 1K 1MM; AS MVPG; Marriott Plat Premier; Hilton Diamond (Aspire); Hyatt Refugeeist
Posts: 40,040
His handlers must be melting down. This is a guy who thinks you need a passport to make a hotel reservation.
Star_Guy likes this.
Kacee is online now  
Reply With Quote
Old Mar 4, 19, 6:50 pm
  #478  
 
Join Date: Dec 2009
Location: COS
Programs: UA Plat/1.5MM, SPG P100, Marriott LTP(P, coming to you in Jan '19), Hertz Prez, CBP GE, et al
Posts: 1,790
So according to their own filings/accounting, after relatively minimal insurance proceeds, this massive data breach cost Marriott less than one US cent per compromised guest account.

Interesting.
CCIE_Flyer is online now  
Reply With Quote
Old Mar 4, 19, 7:53 pm
  #479  
FlyerTalk Evangelist
 
Join Date: May 2002
Location: Pittsburgh
Programs: MR/SPG LT PLT, AA LT PLT, HH GLD, UA SLV, Avis PreferredPlus
Posts: 24,593
Originally Posted by Star_Guy View Post
[left]Looks like Arne is in some deep trouble now BonVoy is about to be turned into a bonfire
I don't see anything that says he was subpoenaed to testify or is being forced to testify. It's likely framed as "let us share our experience of what evil people can do so we can help prevent if from happening to others". Completely altruistic.

I suspect it will be "tell us what happened" and maybe some softball questions.
CPRich is offline  
Reply With Quote
Old Mar 4, 19, 7:58 pm
  #480  
FlyerTalk Evangelist
 
Join Date: Apr 2008
Location: LGA/JFK/EWR
Programs: UA 1KMM, Hyatt Explorist, abandoned Marriott LTT (RIP SPG), Hertz PC
Posts: 19,385
Lock Him Up!
UA-NYC is offline  
Reply With Quote

Thread Tools
Search this Thread