
Marriott Data Breach [from Starwood database] : 500 Million Guests affected

Old Apr 4, 19, 10:42 pm   -   Wikipost
Please read: This is a community-maintained wiki post containing the most important information from this thread. You may edit the Wiki once you have been on FT for 90 days and have made 90 posts.
 
Last edit by: MasterGeek
From Starwood Lurker team:
Please visit info.starwoodhotels.com for more information about this incident, available resources and steps you can take.

Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.

http://uk.businessinsider.com/marrio...8-11?r=US&IR=T
https://www.prnewswire.com/news-rele...300758155.html

You can enroll here in the "identity" monitoring service provided by Marriott due to this breach. It cannot be called "credit monitoring" because it provides neither access to credit bureau report data (as held by Equifax, TransUnion, Experian) nor notifications when credit report data changes:
https://answers.kroll.com/us/index.html

Old Nov 30, 18, 8:50 am
  #91  
 
Join Date: Feb 2013
Location: Miami, FL
Programs: UA 1MM, Marriott LT PPE, Hilton ♢, Hyatt Disc, IHG Plat, Radisson Gold, Hertz PC
Posts: 4,359
I'm numb to all these breaches. My data was compromised via British Airways a few months ago... and numerous sites before them. Now Marriott. I'm sure my social, passport, ccs etc are all floating around the dark web. And I'm sure most of you have your data right alongside mine. It's absurd, but it won't stop. The hackers are better than the CTOs. Much better.

Anyway, we're not responsible for unauthorized cc spend anyway. So unless true identity fraud starts taking place, nothing really to be done at this point. It's not like we can change our social or passport #s.
TravelinSperry is offline  
Old Nov 30, 18, 8:54 am
  #92  
 
Join Date: May 2013
Location: New York
Programs: UA Silver, Marriott LTP, Hertz President's Club
Posts: 916
Originally Posted by rny321 View Post
Good question. I can't answer the question for others, but in my company passport information would only be transmitted to the airline.
The info.starwoodhotels.com site also states that the breach was in the Starwood guest reservation database. Some countries like the UK require hotels to take down passport information and retain it for a minimum of 12 months (Source). This is actually common in a lot of the EU.

So even if the 3TA didn't send passport info to Starwood/Marriott or the Marriott.com/Starwoodhotels.com sites didn't have the passport info saved - if you stayed at Starwood hotels in the affected period, it may have been added to the reservation record by the front desk clerk anyways.
phltraveler is offline  
Old Nov 30, 18, 8:55 am
  #93  
 
Join Date: Dec 2007
Location: SFO
Programs: UA Plat and 1MM, Marriott Ti/LTP, Hertz PC
Posts: 802
Originally Posted by ucfjoe View Post
Credit card data is the least important IMHO. That's the easiest to fix. Passport number not so much. Somewhat ironically, what seemed to trigger them knowing was the hackers trying to encrypt the data they were stealing. Given the length of the hack and clearly how well it was set up, this doesn't sound like just some teenager in his parents' garage doing it for fun.
I was being a little funny earlier. This is a HUGE deal. As a shareholder I regret not selling a few weeks ago which I was really close to doing. Premarket stock is down over 5% as of now.
What exactly can a hacker do with one's passport number?
bgriff likes this.
naumank is offline  
Old Nov 30, 18, 8:56 am
  #94  
 
Join Date: Jun 2008
Location: ATL
Programs: DL:PM, Marriott:P/LTP, Hilton:G, NatCar:EE+, Hertz:PC
Posts: 8,722
Originally Posted by rny321 View Post
The credit cards I use and store on a company's website are rarely one of the ones I use for everyday spending. Since my Starwood Luxury card is rarely used anywhere except MPG hotels, it isn't that much of an issue if I need to cancel it.
I do the same, which means I always need to check the final folio because hotels do not always change the cc even when it is presented at check-in and the agent is told to swipe it because it is a different card.
CJKatl is offline  
Old Nov 30, 18, 8:58 am
  #95  
 
Join Date: Nov 2014
Location: New York
Programs: MB-LTT , HH-Diam., HGP-Expl., Accor-Plat., Former FPC-Plat.
Posts: 578
Originally Posted by phltraveler View Post
The info.starwoodhotels.com site also states that the breach was in the Starwood guest reservation database. Some countries like the UK require hotels to take down passport information and retain it for a minimum of 12 months (Source). This is actually common in a lot of the EU.

So even if the 3TA didn't send passport info to Starwood/Marriott or the Marriott.com/Starwoodhotels.com sites didn't have the passport info saved - if you stayed at Starwood hotels in the affected period, it may have been added to the reservation record by the front desk clerk anyways.
Although I can't control what happens to many aspects of my personal info, I try to minimize the damage when some of it is compromised. Are hotels required to keep the passport info in a readily accessible database or can it be stored offline?
rny321 is offline  
Old Nov 30, 18, 9:04 am
  #96  
 
Join Date: Jun 2008
Location: ATL
Programs: DL:PM, Marriott:P/LTP, Hilton:G, NatCar:EE+, Hertz:PC
Posts: 8,722
Originally Posted by phltraveler View Post
Some countries like the UK require hotels to take down passport information and retain it for a minimum of 12 months (Source). This is actually common in a lot of the EU.
My passport had to be presented and was copied in many locations, including Thailand and China, although I do not remember if it needed to be included in the reservation. However, I made a reservation for my sister over the summer at the Prague Sheraton. She had dropped off the phone and I did not have their passport numbers. The agent knew we were going to call back to add those. A few hours later the hotel manager sent an email stating the numbers needed to be in the reservation and needed to match what was presented at check-in, so I know for sure that at least for the Prague Sheraton the information needed to be included in the reservation.
CJKatl is offline  
Old Nov 30, 18, 9:09 am
  #97  
 
Join Date: Feb 2013
Location: Miami, FL
Programs: UA 1MM, Marriott LT PPE, Hilton ♢, Hyatt Disc, IHG Plat, Radisson Gold, Hertz PC
Posts: 4,359
Originally Posted by naumank View Post


What exactly can a hacker do with one's passport number?
Exactly. The primary issue of all this is identity theft. If a thief has enough info (SS#, Passport, addresses, etc.) they could attempt to pretend they are you and open credit lines using your info. Then they could run up credit and not pay and the institution may go after you (thinking you're the one who did it). If it happens it's a long drawn out process to prove it wasn't you. With that said, banks (etc.) oftentimes put you through the 5 question security check which the thieves need to get through (and that info is not always avail on the data they stole). In fact, I even sometimes get my 5 questions wrong as they sometimes go back decades. So even with our passport # and ss#, etc. - it's not that easy to imitate someone.

If you're really worried you can join an identity theft service or buy an umbrella policy that covers Identity theft.

I think most people just get upset that their data was stolen and they don't like the feeling of it being out there. But in reality, it's a very small % of people who are ultimately victims of identity theft (but for those who are it's a huge headache). I had a friend who was and it took her over a year of work and some real funds to straighten it out.
TravelinSperry is offline  
Old Nov 30, 18, 9:29 am
  #98  
 
Join Date: Mar 2003
Location: Los Angeles, CA
Programs: UA 1K 1MMer & LT UC (when flying UA); Hyatt Credit Cardist; HHonors Gold; Marriott Gold via UA 1K
Posts: 6,242
My new passport just arrived yesterday. What a fluke of timing!
SS255 is offline  
Old Nov 30, 18, 9:32 am
  #99  
 
Join Date: May 2014
Posts: 9
Geez, from someone who is in the cybersecurity field and has done breach investigations, this is a bit ridiculous. Yes, it was under the SPG IT umbrella, so it is harder to point blame, but it also depends on what the merger dictated within the IT groups; this isn't abnormal to have a bad guy lurking for years in a network. I had just heard that they think their decrypt keys (for credit cards etc.) may have been leaked and compromised, which is a total ... how on earth does that even happen, as those are part of the golden keys to any org's kingdom. I dealt with the last SPG POS breach and moved on, but I am just done with the whole Marriott merger and after this year will have shifted everything away.

For anyone that is worried if this exposes your info, I almost guarantee your info is already out there somewhere anyways by now. This I am sure will climb above the 500 million....

Here is also a better article as Krebs specializes in cyber investigative reporting:
https://krebsonsecurity.com/2018/11/...4-year-breach/
bozacksmith is offline  
Old Nov 30, 18, 9:35 am
  #100  
 
Join Date: Feb 2018
Programs: Ritz Carlton Rewards : PLTP , LCAH : G, Skywards : S
Posts: 1,135
I wonder if Kim Jong Un's data was stolen in the breach, as he stayed at St Regis SG.

lincoln841 likes this.
kaizen7 is offline  
Old Nov 30, 18, 9:36 am
  #101  
 
Join Date: Feb 2013
Location: Miami, FL
Programs: UA 1MM, Marriott LT PPE, Hilton ♢, Hyatt Disc, IHG Plat, Radisson Gold, Hertz PC
Posts: 4,359
We get 1 year of webcatcher monitoring due to the breach. Enroll here:
https://answers.kroll.com/us/index.html
TravelinSperry is offline  
Old Nov 30, 18, 9:38 am
  #102  
 
Join Date: Nov 2014
Location: Nomad
Programs: A3*G, TK*G, UIA PremEY Silv, CX Silv, Hyatt Diam, , Skyteam Elite+,HH Diam, SPG Plat100, EK Silv
Posts: 1,291
Accenture and Marriott Management... Merger: failure / Technical due diligence during acquisition: failure / Data protection since merger: failure.
They won a BONVOY to court! Well deserved!
Results: GDPR HUGE fine + class action + individual cases with EU.
The 100s of millions they will possibly have to pay will teach them the hard way that guests and their data are more important than anything else.
I still don't understand why the Marriott CEO is still running the company... let's see the next quarter financial results and let's hope the shareholders will wake up and open their eyes.

Why didn't they even send us an email, and why do we have to read the specialised website to learn it?
Disgusting lack of respect... Again. Period. "They Hang with us as he said"...
remymartin likes this.
frenchft is offline  
Old Nov 30, 18, 9:40 am
  #103  
 
Join Date: Nov 2014
Location: Nomad
Programs: A3*G, TK*G, UIA PremEY Silv, CX Silv, Hyatt Diam, , Skyteam Elite+,HH Diam, SPG Plat100, EK Silv
Posts: 1,291
Does anyone have the email of the Data Privacy Officer at Marriott (for EU customers)?
frenchft is offline  
Old Nov 30, 18, 9:45 am
  #104  
 
Join Date: Dec 2007
Location: Canada
Posts: 936
So now KROLL wants me to send all my information via email?! Credit Card info...etc., Just a continued circle.
Bravada04 is offline  
Old Nov 30, 18, 9:50 am
  #105  
 
Join Date: Oct 2008
Location: Austin, TX
Programs: IHG Spire Elite, Marriott Titanium, AA Plat, WN A-List Preferred
Posts: 258
It's fascinating to see SPG enthusiasts somehow blaming Marriott for the mess Starwood created. It seems like the merger is likely to have exposed a years-long failure by Starwood to secure customer data.
maracle is offline  