
Starwood/Marriott Data Breach 500 Million Guests affected, Marriott fined £18.4m

Old Nov 30, 2018, 5:05 am
FlyerTalk Forums Expert How-Tos and Guides
Last edit by: MasterGeek
From Starwood Lurker team:
Please visit info.starwoodhotels.com for more information about this incident, available resources and steps you can take.

Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.

http://uk.businessinsider.com/marriott-data-breach-500-million-guests-affected-2018-11?r=US&IR=T
https://www.prnewswire.com/news-releases/marriott-announces-starwood-guest-reservation-database-security-incident-300758155.html

You can enroll in the "identity" monitoring service provided by Marriott due to this breach here (it cannot be called "credit monitoring" because it doesn't provide access to viewing credit bureau report data, as held by Equifax, TransUnion, Experian, nor notifications when credit report data changes):
https://answers.kroll.com/us/index.html

Old Aug 11, 2019, 7:57 am
  #571  
 
Join Date: Feb 2009
Location: SEA
Programs: UA SP, DL SM MM, AS 75K, SPG Platinum, Hyatt Diamond.
Posts: 2,596
Originally Posted by C17PSGR
That's not unclear at all. Marriott says you need to show what "fraudulent activity occurred using your passport number."

You'll note that unlike previous data thefts, credit card companies haven't been swapping out credit cards. In fact, the credit card company most likely to notice fraudulent activity would be Amex since they issued the SPG Amex card and the CEO says they have not seen any evidence of fraudulent activity in credit cards.
Then why did AMEX replace my card very mysteriously? I was notified it had been compromised and a new card was being issued; when I called, I was given no information about the nature of how my card was compromised, which I thought was very odd. I have three AMEX cards and the only one that was replaced was the one I used exclusively for stays at Marriott properties. Maybe one of their hotels was skimming numbers? Corporate has certainly set a wonderful example.
transportbiz is offline  
Old Sep 4, 2019, 6:16 am
  #572  
Original Member
 
Join Date: May 1998
Location: Orange County, CA, USA
Programs: AA (Life Plat), Marriott (Life Titanium) and every other US program
Posts: 6,411
The judge handling the class action just issued an order requiring Marriott to make public the investigative report that discusses how the breach happened and why it wasn't detected for several years (including, maybe, why Marriott didn't discover the breach, which was ongoing during the due diligence which was done as part of the Starwood acquisition). This is essentially a First Amendment ruling. That is, the report was filed in the court case "under seal." But the Judge has ruled that the public has the right to know what is happening in the courts, so he is removing the seal. There will still be some delay because Marriott gets to present arguments to a special master about whether certain specific technical information, which might affect security on their current operations, should be redacted (i.e., removed from the public version).
sbrower is offline  
Old Sep 4, 2019, 11:09 am
  #573  
FlyerTalk Evangelist
 
Join Date: Jun 2007
Location: Toronto
Programs: UA 1K, AC MM E75, Marriott LT Ti, IHG Dia Amb, Hyatt Glob
Posts: 15,521
Too funny

A friend thought her passport may have been compromised, so she replaced it and submitted a claim for the cost to Marriott. On the website where she can look up the status of her claim, she found this:
From: Privacy Team
8/2/2019, 11:31 AM -04:00 EDT

Dear Tracy Cxxxxxxxxxxx,

We are in receipt of your inquiry regarding whether your personal data was involved in the recent Starwood Guest Reservation Database security incident.

Based on the information you provided to us, we do not see any indication that your information was involved in the incident.

If you have additional questions or concerns, please let us know.

Thank you.

Marriott Privacy Center


Only problem is her name isn't Tracy Cxxxxxxxxxxxxx.





Last edited by margarita girl; Sep 4, 2019 at 12:00 pm
margarita girl is offline  
Old Sep 9, 2019, 6:01 pm
  #574  
Moderator, El Al and Marriott Bonvoy, FlyerTalk Evangelist
 
Join Date: Feb 2005
Location: SIN
Programs: SQ*G, Mar LTT, Hyatt Glb, AA LTG, LY, HH, IC, BA, DL, UA SLV
Posts: 12,018
Bet someone at Marriott forgot to turn off this result page in the CDN cache. Had this happen with a hospital appointment booking page. Saw another patient’s details and the doctor they were seeing which gave away their condition. The CIO was my customer so I contacted him and they had forgotten to exclude that page from caching.

Small issue easily fixed. In the scheme of things it doesn’t seem any of Tracy’s personal info was shared other than her name. Amateur hour continues at Marriott IT.
yosithezet is offline  
Old Oct 30, 2020, 8:18 am
  #575  
Moderator: British Airways Executive Club, Marriott Bonvoy
 
Join Date: May 2006
Location: Englandshire
Programs: SPG LT Plat, BA G, BD*LG, MG Blue+ ...
Posts: 16,032
Marriott Hotels fined £18.4m

https://www.bbc.co.uk/news/technology-54748843

The UK's data privacy watchdog has fined the Marriott Hotels chain £18.4m ($24m) for a major data breach that may have affected up to 339 million guests.

The Information Commissioner's Office (ICO) said names, contact information, and passport details may all have been compromised in a cyber-attack.

The breach included seven million guest records for people in the UK.

This compares to the £20m fine recently imposed on British Airways for a similar data breach.

BBC Analysis
In some ways you can feel sorry for Marriott.
In all the boardroom discussions about the company's takeover of Starwood, I bet it never realised that a hacker was already lurking inside the valuable databases they were buying.
The cyber-criminals had been in the systems for years, and were effectively thrown into the merger deal without Marriott having a clue.
Herein lies the issue, though - it seems the larger hotel didn't check what it was buying.

Last edited by Oxon Flyer; Oct 30, 2020 at 8:27 am
Oxon Flyer is offline  
Old Oct 30, 2020, 11:52 am
  #576  
Original Member
 
Join Date: May 1998
Location: Orange County, CA, USA
Programs: AA (Life Plat), Marriott (Life Titanium) and every other US program
Posts: 6,411
There was a major development in litigation related to the breach a couple of days ago. It talked about how Accenture might have a direct "duty of care" to the customers because they were responsible for managing the guest reservation database at Starwood. According to the story (there was a 50-page order by the judge that I haven't yet read) it included 5 million unencrypted passport numbers, 9 million credit/debit cards, and was ongoing for at least 4 years without detection. The judge said: "If a defendant — like Accenture — is aware of a determinant class of potential claimants, whose interests as a group it contractually undertook to protect through the exercise of reasonable care, it can hardly complain when, as a result of its alleged failure to live up to its promise, a member of that class sues them," the judge wrote.
sbrower is offline  

