Last edit by: MasterGeek
From Starwood Lurker team :
Please visit info.starwoodhotels.com for more information about this incident, available resources and steps you can take.
Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.
http://uk.businessinsider.com/marriott-data-breach-500-million-guests-affected-2018-11?r=US&IR=T
https://www.prnewswire.com/news-releases/marriott-announces-starwood-guest-reservation-database-security-incident-300758155.html
You can enroll in the "identity" monitoring service provided by Marriott due to this breach here, it cannot be called "credit monitoring" because it doesn't provide access to viewing credit bureau report data (as held by Equifax, TransUnion, Experian) nor notifications when credit report data changes :
https://answers.kroll.com/us/index.html
Please visit info.starwoodhotels.com for more information about this incident, available resources and steps you can take.
Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.
http://uk.businessinsider.com/marriott-data-breach-500-million-guests-affected-2018-11?r=US&IR=T
https://www.prnewswire.com/news-releases/marriott-announces-starwood-guest-reservation-database-security-incident-300758155.html
You can enroll in the "identity" monitoring service provided by Marriott due to this breach here, it cannot be called "credit monitoring" because it doesn't provide access to viewing credit bureau report data (as held by Equifax, TransUnion, Experian) nor notifications when credit report data changes :
https://answers.kroll.com/us/index.html
Starwood/Marriott Data Breach 500 Million Guests affected, Marriott fined £18.4m
#136
Suspended
Join Date: Sep 2014
Programs: AC SE100K-1MM, NH, DL, AA, BA, Global Entry/Nexus, APEC..
Posts: 18,877
......
However companies need to be severely punished by the authorities for a breach, otherwise they will continue to happen. As long as a company thinks some slap on the hand regulatory fine is less than having to maintain top level up to date security these things will continue to happen......
However companies need to be severely punished by the authorities for a breach, otherwise they will continue to happen. As long as a company thinks some slap on the hand regulatory fine is less than having to maintain top level up to date security these things will continue to happen......
Toothless fines have not made a dent because as the Target hack from Dec 2013 showed, companies - and banks - look at the odds and choose the path of least resistance: oh well, if it happens we'll spend some pennies and toss a few bones of refunds, new credit cards, credit monitoring etc, here and there.
Look at the recent hacks at BA and worse, CX. Responses from those questionably capable in-charges, Alex at BA/IAG and Rupert at CX: giant shrugs.
Did Arne at least offer a shrug?
.
Last edited by 24left; Nov 30, 2018 at 11:34 am Reason: spelling
#139
Join Date: Oct 2008
Location: Austin, TX
Programs: IHG Spire Elite, Marriott Titanium, AA Plat, WN A-List Preferred
Posts: 267
Marriott bought Starwood, and therefore get their liability. They should be held to account. But I boggle at folks who pretty much are saying they liked the good ol' days, when their account was breached and no one knew about it.
#140
Join Date: Aug 2018
Programs: SkyPesos -> MVP Gold 100K
Posts: 672
It's not a full on credit monitoring like Equifax/Transunion provides for $$, it's some half-baked solution that only monitors whatever information you provide to them. I think that's downright ridiculous.
#141
Join Date: Nov 2014
Location: lounge next door
Programs: *A Gold / ST Elite+ / OWS / EK G / HH Diam. / MR Tit / Hyatt GLOB / IHG Diam. / SL Jade / GHA Tit.
Posts: 1,523
Anyone can join the dedicated call center?
I have tried 3 numbers in Europe, all working but nobody answer or talk.
Pathetic, again. Marriott all the way.
I have tried 3 numbers in Europe, all working but nobody answer or talk.
Pathetic, again. Marriott all the way.
#142
Join Date: Nov 2014
Location: lounge next door
Programs: *A Gold / ST Elite+ / OWS / EK G / HH Diam. / MR Tit / Hyatt GLOB / IHG Diam. / SL Jade / GHA Tit.
Posts: 1,523
Not sure how it is on the US end, but on the Canada side, their 'monitoring' is not really 'monitoring' per se.
It's not a full on credit monitoring like Equifax/Transunion provides for $$, it's some half-baked solution that only monitors whatever information you provide to them. I think that's downright ridiculous.
It's not a full on credit monitoring like Equifax/Transunion provides for $$, it's some half-baked solution that only monitors whatever information you provide to them. I think that's downright ridiculous.
You have to give all your personal data to I don't who . No way!
#143
Join Date: Nov 2014
Location: lounge next door
Programs: *A Gold / ST Elite+ / OWS / EK G / HH Diam. / MR Tit / Hyatt GLOB / IHG Diam. / SL Jade / GHA Tit.
Posts: 1,523
https://www.classlawgroup.com/marrio...reach-lawsuit/
Serious guys?
Serious guys?
#144
Join Date: May 2004
Location: LAX
Posts: 1,849
Anyway, we're not responsible for unauthorized cc spend anyway. So unless true identity fraud starts taking place nothing really to be done at this point. It's not like we can change our social or passport #s .
The only protection is to freeze your credit. Period.
Any “monitoring” etc is just BS, a way to have you signed up for some extra monthly payment for nothing.
#145
Original Member and FlyerTalk Evangelist
Join Date: May 1998
Location: Kansas City, MO, USA
Programs: DL PM/MM, AA ExPlat, Hyatt Glob, HH Dia, National ECE, Hertz PC
Posts: 16,579
As others have pointed out, I don't possibly see how the Starwood reservation system possibly had information on 500 million unique people, I think it really must be 500 million reservations, which is still a huge number, but a significant difference from 500 million customers. Starwood only has 400,000 rooms total or so today (Source), to get that many unique customers would have been a different person occupying every single room Starwood has each night for the past five years, and as we well know, 1) not every single room is occupied every single night; and 2) many of those rooms are occupied by the same people on different nights.
#146
Join Date: Aug 2014
Location: MSP
Programs: AGR S+, Marriott Plat, HHonors Diamond, Hyatt Explorist
Posts: 100
I bet their IT department are filled with drinking buddies that watch Netflix all day. I have seen similar in government agencies and some fortune 500 companies.
#147
Join Date: Feb 2005
Location: Toronto (YYZ)
Posts: 6,279
This is not the first time this has happened with Starwood take a look at these FT threads:
Payment systems hacked at some SPG hotels
And this doesn't even account for the Starwood SPG account hacks either! That has its own separate thread:
My SPG Account Got Hacked
Payment systems hacked at some SPG hotels
And this doesn't even account for the Starwood SPG account hacks either! That has its own separate thread:
My SPG Account Got Hacked
#149
Suspended
Join Date: Sep 2014
Programs: AC SE100K-1MM, NH, DL, AA, BA, Global Entry/Nexus, APEC..
Posts: 18,877
This is not the first time this has happened with Starwood take a look at these FT threads:
Payment systems hacked at some SPG hotels
And this doesn't even account for the Starwood SPG account hacks either! That has its own separate thread:
My SPG Account Got Hacked
Payment systems hacked at some SPG hotels
And this doesn't even account for the Starwood SPG account hacks either! That has its own separate thread:
My SPG Account Got Hacked
Right, which is what I was referencing in my post upthread about previous hacks
#150
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
Whether it's 2% or 4% depends on whether or not it's considered either:
2%: Breach of controller or processor obligations
4%: Breach of data subjects’ rights and freedoms
In any case, "behind the scenes negotiations" is irrelevant - they have an obligation to notify. I'm not entirely clear what negotiation you'd even negotiate over... "We have a data breach, but we'll only follow our legal obligation to notify if you agree to give us a lower fine?"
2%: Breach of controller or processor obligations
4%: Breach of data subjects’ rights and freedoms
In any case, "behind the scenes negotiations" is irrelevant - they have an obligation to notify. I'm not entirely clear what negotiation you'd even negotiate over... "We have a data breach, but we'll only follow our legal obligation to notify if you agree to give us a lower fine?"