Last edit by: MasterGeek
From Starwood Lurker team :
Please visit info.starwoodhotels.com for more information about this incident, available resources and steps you can take.
Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.
http://uk.businessinsider.com/marriott-data-breach-500-million-guests-affected-2018-11?r=US&IR=T
https://www.prnewswire.com/news-releases/marriott-announces-starwood-guest-reservation-database-security-incident-300758155.html
You can enroll in the "identity" monitoring service provided by Marriott due to this breach here. It cannot be called "credit monitoring" because it doesn't provide access to credit bureau report data (as held by Equifax, TransUnion, Experian) or notifications when credit report data changes:
https://answers.kroll.com/us/index.html
Starwood/Marriott Data Breach 500 Million Guests affected, Marriott fined £18.4m
#196
Join Date: Nov 2011
Location: Virginia
Programs: HHonors Gold, IHG Platinum, Marriott nobody
Posts: 470
I cannot figure out how the Starwood reservation system can have passport information on 327 million guests and why. I never gave my passport information to the SPG loyalty program, so the only way they can have my passport information is when I check into hotels in countries that require passport information. Does that mean those hotels then post my passport information into a central system used by every Starwood hotel worldwide? What was the purpose of that?
#197
FlyerTalk Evangelist
Join Date: Jun 2006
Location: IAD/DCA
Posts: 31,797
because 'no one' takes security or privacy seriously
instead of 'why' it is 'why not' when 'why not' is clear
GUWonder, if when = 10 years from now..
do hilton, IHG, accor have similar breaches
only reservations / central reservations?
not SPG account information?
any clarity on that?
#198
Join Date: Feb 2017
Programs: DL DM, UA Gold, Alaska MVP, Bonvoy (lol) Ambassador
Posts: 2,994
Without more detail, it sounds like the database that stores reservation details was hacked. As such, it is not necessarily all SPG account details, but rather the details that are stored/copied with each reservation. It sounds like a lot of the details were copied into the reservation (e.g., address, etc.), but account information that has no need to be attached to an individual reservation (e.g., lifetime nights, points, promotion participation history, etc.) is unlikely to be compromised.
#199
Join Date: Aug 2011
Location: MIA, VIE and DPS
Programs: DL Plat 1MM, AA EXP 3MM, SQ Krisflyer Gold, UA Silver, Marriott LTT, HH Gold
Posts: 1,132
If it started in 2014 I can easily blame SPG. I am by no means a fan of Marriott but assuming it wasn't a super obvious exploit and some SQL9 database on a Win 2000 server, it is unlikely to surface in any due diligence. There are many many many things I can blame Marriott for - this isn't one of them. And honestly - without knowing what the exploit was - I am not blaming SPG yet either. Sometimes things happen that shouldn't. I have had some (granted minor - but it's a much smaller business) data breaches happen while CEO and ultimately responsible; I am well above average technical - but no number of policies and training will catch every last thing that can go wrong.
#200
Join Date: Nov 2014
Location: lounge next door
Programs: *A Gold / ST Elite+ / OWS / EK G / HH Diam. / MR Tit / Hyatt GLOB / IHG Diam. / SL Jade / GHA Tit.
Posts: 1,527
Stop the SPG bashing. It's a Marriott and Accenture issue. Period.
I hope and pray for a MASSIVE class action in the US and a HUGE fine from the EU.
#202
Join Date: Mar 2011
Location: Colorado
Programs: Lifetime UA 1K, Lifetime Hilton Diamond, Lifetime Marriott Bonvoy Titanium
Posts: 1,261
I've had my personal information leaked by Target, Home Depot, Hyatt, Hilton, Chase, Equifax and others. I'm guessing hackers in Russia, China, and many other countries have my passport info since it is scanned at every international hotel I stay in.
As unfortunate as this is (and maybe it will end up costing Marriott billions), the reality is that anyone running old on-premise software has likely been hacked. For every one of these that is detected there are many more that are not. There are too many software vulnerabilities and companies are still struggling to encrypt data properly. The amount of time it took Marriott and SPG to merge their systems was due to them both being old, brittle and not well understood. How does someone even protect these systems? You can build walls around them but hackers eventually find ways in.
Companies need to stop storing personal information and governments need to stop requiring it to be collected everywhere.
#203
FlyerTalk Evangelist
Join Date: Aug 2012
Location: KHOU/KIAH
Programs: AA EXP | Marriott Bonvoy Titanium| Hyatt Globalist
Posts: 11,247
#204
Join Date: Nov 2015
Location: BNE
Programs: NZ*G, QF Bronze, VA Red
Posts: 563
I don't recall receiving a notification from Marriott about this data breach, which means Marriott is in breach of the Australian Privacy Act 1988 as well, subject to a maximum penalty of $2.1 million per affected Australian resident as they clearly carry on business in Australia. And for us they offer nothing, not even a year's free credit monitoring. Hell, they aren't even throwing us some Marriott Points as a token gesture!
#206
FlyerTalk Evangelist
Join Date: Jun 2006
Location: IAD/DCA
Posts: 31,797
Without more detail, it sounds like the database that stores reservation details was hacked. As such, it is not necessarily all SPG account details, but rather the details that are stored/copied with each reservation. It sounds like a lot of the details were copied into the reservation
point of sale breach >
2015 2014 - hilton
2015 - starwood , hyatt , mandarin oriental, others
#207
Join Date: Nov 2015
Programs: DL, Marriott & IHG Platty; HH Diamonte
Posts: 861
Had a fraudulent incident occur. Reservation showed up on morning of Westin migration this week. I cancelled it immediately, but was still charged by the hotel.
Last edited by pharmawalk; Dec 1, 2018 at 4:46 pm
#209
A FlyerTalk Posting Legend
Join Date: Aug 2002
Programs: UALifetimePremierGold, Marriott LifetimeTitanium
Posts: 71,110
We're now on page 7 (40 posts per page) & last time I was on was page 4. But last time I was on this wasn't posted on the front page of FT (and sounds like an advert; is this guy serious)? What a crock. Lurkers actively responding blah blah (nothing against our excellent Lurkers) but all they did was post a link to the press release/info thing.
https://www.flyertalk.com/articles/s...-missteps.html
Cheers.
#210
FlyerTalk Evangelist
Join Date: May 2001
Posts: 10,969
I am kind of numb to this kind of thing now. I just don't believe everyone is keeping my data safely and it is just a matter of time before something happens.
What I am curious about is how much of their IT resources were diverted from fixing the merger problems to work on this and if this contributed to the system merge mess...