Go Back  FlyerTalk Forums > Miles&Points > Hotels and Places to Stay > Marriott | Marriott Bonvoy
Reload this Page >

Marriott Data Breach [from Starwood database] : 500 Million Guests affected

Marriott Data Breach [from Starwood database] : 500 Million Guests affected

    Hide Wikipost
Old Apr 4, 19, 10:42 pm   -   Wikipost
Please read: This is a community-maintained wiki post containing the most important information from this thread. You may edit the Wiki once you have been on FT for 90 days and have made 90 posts.
 
Last edit by: MasterGeek
Wiki Link
From Starwood Lurker team :
Please visit  info.starwoodhotels.com  for more information about this incident, available resources and steps you can take.

Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.

http://uk.businessinsider.com/marrio...8-11?r=US&IR=T
https://www.prnewswire.com/news-rele...300758155.html

You can enroll in the "identity" monitoring service provided by Marriott due to this breach here, it cannot be called "credit monitoring" because it doesn't provide access to viewing credit bureau report data (as held by Equifax, TransUnion, Experian) nor notifications when credit report data changes :
https://answers.kroll.com/us/index.html
Print Wikipost

Reply

Old Apr 5, 19, 6:44 am
  #541  
 
Join Date: Oct 2013
Location: ORD
Programs: UA Silver, Marriott Titanium/LT Platinum, Hilton Gold, AA Platinum
Posts: 4,328
Originally Posted by Orange County Commuter View Post
Does anyone know why you would bother to get a new passport? What is someone going to do with that? Immigrate?

As for the rest of the OPs demands, he/she can try. Who cares? I doubt they will meet his/her request because the issue and the 'remediation' aren't at all related LOL!

(Yeah I like the excuse of "I quit staying due to your breach, but now I want you to love me again")
There are countless things someone could do with a government-issued ID. Allowing someone with ill intent (or not) to get into your home country is just one of the things. Those other things may or may not harm the OP. That said, I'm with the contingent that thinks data breaches ;whether at SPG or other places, are now an unfortunate part of our lives, and you can't run to replace a license and passport every time something happens. The most immediate threat is the credit card, so take care of that.

They're certainly not a reason to be gifted with something you're not entitled to...and in the OP's case, for something he doesn't seem to want since he quit Marriott after learning about the SPG data breach. Of all the restitution I'd want as a victim of a data breach, a silly hotel status would have been the last thing to cross my mind.
JBord is offline  
Reply With Quote
Old Apr 5, 19, 7:34 am
  #542  
 
Join Date: May 2002
Programs: AAdvantage Platinum, United Silver, Marriott Titanium Elite
Posts: 1,594
Originally Posted by dgcpaphd View Post
I was Platinum until 2/28 of this year. I got demoted to Gold because I did not have enough nights in 2018 to keep Platinum for this year (2019).

I stopped using Marriott last year after I learned of Marriott's data breach.

...

In view of the fact that I was Platinum through February of this year, does anyone know if I can get my Platinum restored for the remainder of this year which will allow me to earn the status for 2120?

Considering the data breach, will Marriott restore Platinum status to those who lost it this year due to an insufficient number of stays?

...
Marriott announced the data breach on November 30, 2018. In other words, 2018 was almost over.

dgcpaphd, how many nights in 2018 had you stayed at that point? Did you have enough nights reserved for December 2018 to put you at 75 nights, but then cancelled those reservations? Even then, I agree with the others here who have posted not to expect to be gifted Platinum Elite.

When Marriott acquired Starwood in 2016, Marriott got many good things... great brands, hotels all over the world affiliated with those brands, millions of SPG members, corporate cost synergies, and competitive advantages. But Marriott also got the Starwood guest reservation database, which, unbeknownst to Marriott at the time, had been breached in 2014. The breach continued for years. When it was discovered and disclosed by Marriott, it was Marriott's problem. It was was legitimately called a Marriott data breach. It didn't matter that it came from Starwood.

Yes, data breaches are bad thing. Whenever there's a news story about a data breach, it makes me wonder how many data breaches there are that have never been discovered.
margarita girl likes this.
Horace is offline  
Reply With Quote
Old Apr 5, 19, 10:10 am
  #543  
 
Join Date: Apr 2003
Location: DEN/BDL/LGA/HPN
Programs: Marriott Ambassador; AA EXP 2MM; AS MVP, Hilton Gold, CH-47/UH-60/C-23/C-130 VET
Posts: 4,926
And, lets keep in mind, this really isn't a breach. Its a theft by a sophisticated state actor and even though the theft started several years ago, there hasn't been the slightest evidence of any actual impact. One would think Amex would have spotted any issues at least a couple of years ago because of the SPG Amex card and they've clearly stated they haven't.

I don't remember hearing about drivers license info before but may have missed it. As most of us know, many countries require hotels keep passport info. The legacy Starwood approach was to centrally store the info while the legacy Marriott approach was to keep it at the hotel. Both have their advantages and disadvantages.

As for the passport info, I've swiped my passport in at least 10 countries this year. Other than perhaps the US and UK, I suspect the other countries databases have all been compromised by the same state actor. It's just another brick in the wall of data being collected ....

Data privacy laws in this situation are a bit silly. The US and EU all know what happened here but have made a political decision to ignore it.
C17PSGR is online now  
Reply With Quote
Old Apr 5, 19, 1:18 pm
  #544  
 
Join Date: Apr 2008
Posts: 2,329
Originally Posted by Horace View Post

dgcpaphd, how many nights in 2018 had you stayed at that point? Did you have enough nights reserved for December 2018 to put you at 75 nights, but then cancelled those reservations? Even then, I agree with the others here who have posted not to expect to be gifted Platinum Elite.
Hi, it did not take 75 nights for Platinum status, it took 50. Check with Marriott.

I already had Platinum status. I was close to requalifying for 2019.

My simple question here turned out some good responses. The hostile responses are puzzling.

Nonetheless, I learned from the various posts that it is unlikely I can get back my Platinum status for this year.

That was my question. Thanks to all who answered civilly.
dgcpaphd is offline  
Reply With Quote
Old Apr 5, 19, 2:09 pm
  #545  
 
Join Date: Feb 2019
Posts: 94
Originally Posted by Cledaybuck View Post
You never know. AA decided to make me and many others elite just for the hell of it. You are right about FT though.
Did AA give you platinum or gold?

In this case, if Marriott was to give out elite status due to the breach (and I don't think that they will), it would probably be Silver Elite. That way people would be considered elite without costing Marriott much of anything in regards to benefits. The main benefits silver members get is the key card that says 'elite' on it.
Jaunts is offline  
Reply With Quote
Old Apr 5, 19, 2:15 pm
  #546  
FlyerTalk Evangelist
 
Join Date: May 2002
Location: Pittsburgh
Programs: MR/SPG LT PLT, AA LT PLT, HH GLD, UA SLV, Avis PreferredPlus
Posts: 24,577
Originally Posted by JBord View Post
There are countless things someone could do with a government-issued ID. Allowing someone with ill intent (or not) to get into your home country is just one of the things.
I wasn't aware that the breach yielded physical government-issued IDs. How did that work?

Or, alternately, that you could enter a country with a string of digits (which is what is being discussed). How does that work?

For anyone going through the effort to construct a valid physical passport that passes all scrutiny at entry to the country, getting a number is trivial.
CPRich is offline  
Reply With Quote
Old Apr 5, 19, 2:18 pm
  #547  
 
Join Date: Feb 2019
Posts: 94
Originally Posted by AtomicLush View Post
Wow, people are jaded on this forum. Breach of your privacy should not be the norm. There are data privacy laws that specifically try to prevent these from being the norm. In any case, OP - your best bet for compensation would be joining the class action (which will net customers next to nothing, but the lawyers in millions) or opt of the class action and suing individually. There are too many people affected by the breach (me being one of them) for Marriott to handle one by one.
I am jaded. Companies would spend more on encryption and cyber security if they were held more accountable for the damage done by the data leaks. My info has been compromised by a lot of corporations. And it is basically my responsibility to make sure the leaked info won't hurt me, not the company that inadvertently leaked the data. Did Marriott even offer free identity theft monitoring service for a year or something like that? Target, Anthem and Home Depot did, if I remember correctly.

People just need to assume that their info is for sale on the dark web, and plan around it.
mikesyr18 likes this.
Jaunts is offline  
Reply With Quote
Old Apr 5, 19, 2:47 pm
  #548  
 
Join Date: Oct 2013
Location: ORD
Programs: UA Silver, Marriott Titanium/LT Platinum, Hilton Gold, AA Platinum
Posts: 4,328
Originally Posted by CPRich View Post
I wasn't aware that the breach yielded physical government-issued IDs. How did that work?

Or, alternately, that you could enter a country with a string of digits (which is what is being discussed). How does that work?

For anyone going through the effort to construct a valid physical passport that passes all scrutiny at entry to the country, getting a number is trivial.
Fair point. Maybe nothing could be done to create a fake passport with the numbers. I guess I'd make a lousy criminal . And to your point, and my earlier one, a credit card is much, much more useful online than a passport number would be.
JBord is offline  
Reply With Quote
Old Apr 5, 19, 2:50 pm
  #549  
 
Join Date: Apr 2003
Location: DEN/BDL/LGA/HPN
Programs: Marriott Ambassador; AA EXP 2MM; AS MVP, Hilton Gold, CH-47/UH-60/C-23/C-130 VET
Posts: 4,926
Originally Posted by Jaunts View Post
I am jaded. Companies would spend more on encryption and cyber security if they were held more accountable for the damage done by the data leaks. My info has been compromised by a lot of corporations. And it is basically my responsibility to make sure the leaked info won't hurt me, not the company that inadvertently leaked the data. Did Marriott even offer free identity theft monitoring service for a year or something like that? Target, Anthem and Home Depot did, if I remember correctly.

People just need to assume that their info is for sale on the dark web, and plan around it.
In this case, there's not the slightest evidence that information potentially stolen from the SPG reservation system is for sale on the dark web,. For Target and Home Depot, it was readily apparent that information was being sold. Affinity based credit cards offered by the banks/Amex are essentially the canary in the coal mine so that they can catch their is an unusual fraud activity on certain types. Amex has specifically stated it has not seen any such activity.

Any sophisticated state actors with unlimited resources might stop stealing data if there was at least a political price to pay.

But, like everyone, we should check our credit reports frequently -- it's free in the US -- https://www.annualcreditreport.com/index.action

Also consider "locking" your credit, which is free.

And, of course, every time you enter most countries or have your data collected by most airlines, there is a substantial risk that a sophisticated state actor will collect that information and put it into the same database with the data allegedly stolen from the SPG system.
C17PSGR is online now  
Reply With Quote
Old Apr 5, 19, 3:53 pm
  #550  
 
Join Date: May 2002
Programs: AAdvantage Platinum, United Silver, Marriott Titanium Elite
Posts: 1,594
Originally Posted by dgcpaphd View Post
Hi, it did not take 75 nights for Platinum status, it took 50. Check with Marriott.

I already had Platinum status. I was close to requalifying for 2019.

My simple question here turned out some good responses. The hostile responses are puzzling.

Nonetheless, I learned from the various posts that it is unlikely I can get back my Platinum status for this year.

That was my question. Thanks to all who answered civilly.
Good point that the threshold for Platinum Elite status became 50 nights with the introduction of the combined program in August 2018, and remained that way after the program was rebranded to Marriott Bonvoy earlier this year. (As a longtime Marriott Rewards member, I still think of Platinum Elite as the 75-night tier, even though I know 75 nights changed to Platinum Premier Elite and is now Titanium Elite.)

dgcpaphd, I should have asked, how close did you come to 50 nights during the first 11 months of 2018? If you were close to 50 nights when the Starwood reservation database breach was announced, and you then stopped staying at any of Marriott's brands until the dust cleared, you might be able to make a case that you were on track to make Platinum Elite had it not been for the breach. But I don't think any of us can make a case that we deserve to be bumped up one status tier just because of the breach.
C17PSGR and margarita girl like this.

Last edited by Horace; Apr 5, 19 at 4:00 pm
Horace is offline  
Reply With Quote
Old Apr 5, 19, 4:32 pm
  #551  
 
Join Date: Jun 2015
Location: DAY
Programs: Rapid Rewards, Skymiles, Hilton HHonors, SPG/Marriott Rewards
Posts: 1,204
Originally Posted by Jaunts View Post
Did AA give you platinum or gold?

In this case, if Marriott was to give out elite status due to the breach (and I don't think that they will), it would probably be Silver Elite. That way people would be considered elite without costing Marriott much of anything in regards to benefits. The main benefits silver members get is the key card that says 'elite' on it.
Platinum. As for Marriott, I don’t think they will give out any status either. I wouldn’t even bother giving out silver as it will just make people feel becoming elite is worthless because basically silver is worthless.
Cledaybuck is offline  
Reply With Quote
Old Apr 6, 19, 8:45 am
  #552  
 
Join Date: Dec 2007
Location: Canada
Posts: 964
In regards to the Data Breach..........it happens in todays world. I get that. The one thing that frustrated me is that everything became so nonchalant for Marriott with all the failures and this just added to it (regardless if it was SPG or not they had to deal with it).
I received the same email - so generalized but yet tells you that TONS of your information was involved. That's it, nothing more?
The email said you have (if I recall correctly) 30 days to respond to the email for questions etc., and after that your email will go nowhere! Because this transition was a damn GONG SHOW and I sincerely feel Marriott does not give one flying %$ to the customer aspect, I responded asking for some more details because the email they sent to thousands of people was novice to say the least.
...I never received any response back. Simply goes to show Marriott's great customer service.

I without a doubt will be moving my business elsewhere after the next 9 months. I will reach my lifetime Plat status and will move my business elsewhere. That is my plan right now anyway. I just can't believe the difference in service since SPG was laid to rest. Unbelievable difference in so many ways.
UA-NYC likes this.
Bravada04 is offline  
Reply With Quote
Old Apr 22, 19, 5:38 pm
  #553  
 
Join Date: Dec 2007
Location: Canada
Posts: 964
I received an email today from "Marriott Privacy"..........it asks me to open the request. I do that and then it says my link has expired (albeit I just received the email today?).

It asks me to type in my email address and they will send me a new access token?

I have no idea what this is or if I want to enter my email address?

Update: I did get a new link and was able to access the webpage. The webpage is BLANK! I would sure like to know if the information they are sending me is important? What gong show! Just have to laugh.

Last edited by Bravada04; Apr 22, 19 at 5:49 pm
Bravada04 is offline  
Reply With Quote
Old Apr 22, 19, 5:49 pm
  #554  
 
Join Date: Dec 2006
Location: SJC
Programs: Bonvoy Tit Forever, AmEx Plat, National EE, WN CP, CLEAR
Posts: 3,573
NO!!!
kennycrudup is offline  
Reply With Quote
Old Apr 22, 19, 5:49 pm
  #555  
 
Join Date: Dec 2006
Location: SJC
Programs: Bonvoy Tit Forever, AmEx Plat, National EE, WN CP, CLEAR
Posts: 3,573
I had to get a reply to you ASAP, as that's most certainly a phishing attempt! Send it to trash right away.
C17PSGR likes this.
kennycrudup is offline  
Reply With Quote

Thread Tools
Search this Thread