Nov 30, 2018, 5:05 am
Last edit by: MasterGeek
From Starwood Lurker team :
Please visit info.starwoodhotels.com for more information about this incident, available resources and steps you can take.
Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.
http://uk.businessinsider.com/marriott-data-breach-500-million-guests-affected-2018-11?r=US&IR=T
https://www.prnewswire.com/news-releases/marriott-announces-starwood-guest-reservation-database-security-incident-300758155.html
You can enroll in the "identity" monitoring service provided by Marriott due to this breach here, it cannot be called "credit monitoring" because it doesn't provide access to viewing credit bureau report data (as held by Equifax, TransUnion, Experian) nor notifications when credit report data changes :
https://answers.kroll.com/us/index.html
Please visit info.starwoodhotels.com for more information about this incident, available resources and steps you can take.
Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.
http://uk.businessinsider.com/marriott-data-breach-500-million-guests-affected-2018-11?r=US&IR=T
https://www.prnewswire.com/news-releases/marriott-announces-starwood-guest-reservation-database-security-incident-300758155.html
You can enroll in the "identity" monitoring service provided by Marriott due to this breach here, it cannot be called "credit monitoring" because it doesn't provide access to viewing credit bureau report data (as held by Equifax, TransUnion, Experian) nor notifications when credit report data changes :
https://answers.kroll.com/us/index.html
Starwood/Marriott Data Breach 500 Million Guests affected, Marriott fined £18.4m
Nov 30, 2018, 8:50 am
#91
Join Date: Feb 2013
Location: Miami, FL
Programs: UA 1MM, AA Plat, Marriott LT Titanium, Hyatt Glob, IHG ♢ Amb, Hilton ♢, Hertz Pres
Posts: 6,016
I'm numb to all these breaches. My data was compromised via British Airways a few months ago... and numerous sites before them. Now Marriott. I'm sure my social, passport, ccs etc are all floating around the dark web. And I'm sure most of you have your data right alongside mine. It's absurd, but it won't stop. The hackers are better than the CTOs. Much better.
Anyway, we're not responsible for unauthorized cc spend anyway. So unless true identity fraud starts taking place nothing really to be done at this point. It's not like we can change our social or passport #s .
Anyway, we're not responsible for unauthorized cc spend anyway. So unless true identity fraud starts taking place nothing really to be done at this point. It's not like we can change our social or passport #s .
Nov 30, 2018, 8:54 am
#92
Join Date: May 2013
Location: New York
Programs: UA Silver, Marriott LTPP, Hertz Five Star
Posts: 1,079
So even if the 3TA didn't send passport info to Starwood/Marriott or the Marriott.com/Starwoodhotels.com sites didn't have the passport info saved - if you stayed at Starwood hotels in the affected period, it may have been added to the reservation record by the front desk clerk anyways.
Nov 30, 2018, 8:55 am
#93
Join Date: Dec 2007
Location: SFO
Programs: UA 1MM, Marriott LTP, Hilton Gold, Hyatt Explorist, Hertz PC
Posts: 1,003
Credit card data is the least important IMHO. That’s the easiest to fix. Passport number not so much. Somewhat ironically, what seemed to trigger them knowing was the hackers trying to encrypt the data they were stealing. Given the length of the hack and clearly how well it was set up this doesn’t sound like just some teenager in his parents garage doing it for fun.
I was being a little funny earlier. This is a HUGE deal. As a shareholder I regret not selling a few weeks ago which I was really close to doing. Premarket stock is down over 5% as of now.
Nov 30, 2018, 8:56 am
#94
Join Date: Jun 2008
Location: BDU
Programs: DL:MM, Marriott:LTT
Posts: 8,779
I do the same, which means I always need to check the final folio because hotels do not always change the cc even when it is presented at check-in and the agent is told to swipe it because it is a different card.
Nov 30, 2018, 8:58 am
#95
Join Date: Nov 2014
Location: New York
Programs: MB-LTT , HH-Diam., HGP-Expl.
Posts: 778
The info.starwoodhotels.com site also states that the breach was in the Starwood guest reservation database. Some countries like the UK require hotels to take down passport information and retain it for a minimum of 12 months (Source). This is actually common in a lot of the EU.
So even if the 3TA didn't send passport info to Starwood/Marriott or the Marriott.com/Starwoodhotels.com sites didn't have the passport info saved - if you stayed at Starwood hotels in the affected period, it may have been added to the reservation record by the front desk clerk anyways.
So even if the 3TA didn't send passport info to Starwood/Marriott or the Marriott.com/Starwoodhotels.com sites didn't have the passport info saved - if you stayed at Starwood hotels in the affected period, it may have been added to the reservation record by the front desk clerk anyways.
Nov 30, 2018, 9:04 am
#96
Join Date: Jun 2008
Location: BDU
Programs: DL:MM, Marriott:LTT
Posts: 8,779
Some countries like the UK require hotels to take down passport information and retain it for a minimum of 12 months (Source). This is actually common in a lot of the EU..
Nov 30, 2018, 9:09 am
#97
Join Date: Feb 2013
Location: Miami, FL
Programs: UA 1MM, AA Plat, Marriott LT Titanium, Hyatt Glob, IHG ♢ Amb, Hilton ♢, Hertz Pres
Posts: 6,016
Exactly. The primary issue of all this is identity theft. If a thief has enough info (SS#, Passport, addresses, etc.) they could attempt to pretend they are you and open credit lines using your info. Then they could run up credit and not pay and the institution may go after you (thinking you're the one who did it). If it happens it's a long drawn out process to prove it wasn't you. With that said, banks (etc.) oftentimes put you through the 5 question security check which the thieves need to get through (and that info is not always avail on the data they stole). In fact, I even sometimes get my 5 questions wrong as they sometimes go back decades. So even with our passport # and ss#, etc. - it's not that easy to imitate someone.
If you're really worried you can join an identity theft service or buy an umbrella policy that covers Identity theft.
I think most people just get upset that their data was stolen and they don't like the feeling of it being out there. But in reality, it's a very small % of people who are ultimately victims of identity theft (but for those who are it's a huge headache). I had a friend who was and it took her over a year of work and some real funds to straighten it out.
If you're really worried you can join an identity theft service or buy an umbrella policy that covers Identity theft.
I think most people just get upset that their data was stolen and they don't like the feeling of it being out there. But in reality, it's a very small % of people who are ultimately victims of identity theft (but for those who are it's a huge headache). I had a friend who was and it took her over a year of work and some real funds to straighten it out.
Nov 30, 2018, 9:32 am
#99
Join Date: May 2014
Posts: 17
Geez, from someone in the cybersecurity field and has done breach investigations this is a bit ridiculous. Yes it was under the SPG IT umbrella so it is harder to point blame but it also depends on what the merger dictated within the IT groups, this isn't abnormal to have bad guy lurking for years in a network. I had just heard that they think their decrypt keys (for credit cards etc) may have been leaked and compromised which is a total ... how on earth does that even happen as those are part of the golden keys to any orgs kingdom. I dealt with the last SPG POS breach and moved on but I am just done with the whole Marriot merger and after this year will have shifted everything away.
For anyone that is worried if this exposes your info, I almost guarantee your info is already out there somewhere anyways by now. This I am sure will climb above the 500 million....
Here is also a better article as Krebs specializes in cyber investigative reporting:
https://krebsonsecurity.com/2018/11/...4-year-breach/
For anyone that is worried if this exposes your info, I almost guarantee your info is already out there somewhere anyways by now. This I am sure will climb above the 500 million....
Here is also a better article as Krebs specializes in cyber investigative reporting:
https://krebsonsecurity.com/2018/11/...4-year-breach/
Nov 30, 2018, 9:36 am
#101
Join Date: Feb 2013
Location: Miami, FL
Programs: UA 1MM, AA Plat, Marriott LT Titanium, Hyatt Glob, IHG ♢ Amb, Hilton ♢, Hertz Pres
Posts: 6,016
We get 1 year of webcatcher monitoring due to the breach. Enroll here:
https://answers.kroll.com/us/index.html
https://answers.kroll.com/us/index.html
Nov 30, 2018, 9:38 am
#102
Join Date: Nov 2014
Location: lounge next door
Programs: *A Gold / ST Elite+ / OWS / EK G / HH Diam. / MR Tit / Hyatt GLOB / IHG Diam. / SL Jade / GHA Tit.
Posts: 1,527
Accenture and Marriot Management... Merger : failure / Technical due diligence during acquisition : Failure / Data protection since Merger : Failure.
They won a BONVOY to court! Well desserved!
Results : GDPR HUGE fine + Class action + Individual cases with EU.
The 100s of millions they will possibely have to pay will teach them the hard way that guest and their data are more important than anything else.
I still don't understand why the Marriott CEO is still running the company... let's see the next quarter financial results and let's hope the shareholders will wake up and open their eyes.
why they didn't even send us an email and we have to read the specialised website to learn it?
Disgusting lack of respect... Again. Period. "They Hang with us as he said"...
They won a BONVOY to court! Well desserved!
Results : GDPR HUGE fine + Class action + Individual cases with EU.
The 100s of millions they will possibely have to pay will teach them the hard way that guest and their data are more important than anything else.
I still don't understand why the Marriott CEO is still running the company... let's see the next quarter financial results and let's hope the shareholders will wake up and open their eyes.
why they didn't even send us an email and we have to read the specialised website to learn it?
Disgusting lack of respect... Again. Period. "They Hang with us as he said"...
Nov 30, 2018, 9:50 am
#105
Join Date: Oct 2008
Location: Austin, TX
Programs: IHG Spire Elite, Marriott Titanium, AA Plat, WN A-List Preferred
Posts: 267
It's fascinating to see SPG enthusiasts somehow blaming Marriott for the mess Starwood created. It seems like the merger is likely to have exposed a years long failure by Starwood to secure customer data.