Nov 30, 2018, 5:05 am
Last edit by: MasterGeek
From Starwood Lurker team :
Please visit info.starwoodhotels.com for more information about this incident, available resources and steps you can take.
Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.
http://uk.businessinsider.com/marriott-data-breach-500-million-guests-affected-2018-11?r=US&IR=T
https://www.prnewswire.com/news-releases/marriott-announces-starwood-guest-reservation-database-security-incident-300758155.html
You can enroll in the "identity" monitoring service provided by Marriott due to this breach here, it cannot be called "credit monitoring" because it doesn't provide access to viewing credit bureau report data (as held by Equifax, TransUnion, Experian) nor notifications when credit report data changes :
https://answers.kroll.com/us/index.html
Please visit info.starwoodhotels.com for more information about this incident, available resources and steps you can take.
Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.
http://uk.businessinsider.com/marriott-data-breach-500-million-guests-affected-2018-11?r=US&IR=T
https://www.prnewswire.com/news-releases/marriott-announces-starwood-guest-reservation-database-security-incident-300758155.html
You can enroll in the "identity" monitoring service provided by Marriott due to this breach here, it cannot be called "credit monitoring" because it doesn't provide access to viewing credit bureau report data (as held by Equifax, TransUnion, Experian) nor notifications when credit report data changes :
https://answers.kroll.com/us/index.html
Starwood/Marriott Data Breach 500 Million Guests affected, Marriott fined £18.4m
Nov 30, 2018, 10:07 pm
#212
FlyerTalk Evangelist
Join Date: Jun 2006
Location: IAD/DCA
Posts: 31,797
it will come out when exactly they learned about it, but the only point i saw being made at that link was that several companies mentioned tried to hide it or downplay it or whatever. clearly it is very early in the process. (hours after announcement)
"said Friday [Nov 30] it determined [Mon] Nov. 19"
technically possible they wanted to send an email sooner, but it was delayed, so they went public before
although timing may have been friday intentionally, that is common [2nd friday after nov 19]
what was timing of past emails vs public announcements ?
agree with others that the lesson was already learned (by aware consumers), the additional lesson here perhaps is to try to do whatever possible to limit information, as mentioned for example passport info in starwood reservations (was it something that hotels were doing)
"said Friday [Nov 30] it determined [Mon] Nov. 19"
technically possible they wanted to send an email sooner, but it was delayed, so they went public before
although timing may have been friday intentionally, that is common [2nd friday after nov 19]
what was timing of past emails vs public announcements ?
agree with others that the lesson was already learned (by aware consumers), the additional lesson here perhaps is to try to do whatever possible to limit information, as mentioned for example passport info in starwood reservations (was it something that hotels were doing)
Last edited by Kagehitokiri; Dec 1, 2018 at 11:26 am
Nov 30, 2018, 10:57 pm
#213
Join Date: Nov 1999
Location: MEX/YVR/YYF
Programs: AS MVP/AC75K/AM Gold/UA*S/SPG-Marriott Lifetime Titanium/Accor-FPC Gold/HHDiamond/Hyatt Exp
Posts: 5,035
I had two stays over the Thanksgiving weekend, and the first hotel had no indication of my platinum status which meant no upgrades, no welcome amenity, no breakfast. The app showed my account under audit. I called to see what was up and they told me there was an unauthorized login on my account and I had to send a copy of my ID, which I did. Called back and they said that the team that could unlock my account wouldn't be in until Monday. So the second hotel (checked in Sunday night, out Monday AM) also didn't see my status. Luckily, I'd booked a rate with breakfast (only bc it was the same price as without) so we didn't have to pay for breakfast that morning. Anyway, I'm thinking this probably had something to do with that "unauthorized access".
A global hotel group with 30 brands across 6 continents and they have the account audit team working Monday thru Friday.
They are in over their heads and then some.
I am still puzzled by the 'all the way back to 2014' statement put out by Marriott and Kroll...I am waiting for some other shoe or shoes to drop on this mess.
Nov 30, 2018, 11:25 pm
#214
Join Date: Dec 2007
Location: SFO
Posts: 4,912
For a run of the mill street criminal or ordinary civilian criminal gang there is not a whole lot of utility in just having a passport number and that passport's details when there is no photo/photocopy of the passport biodata page itself. But there is a whole lot of utility for such information in the hands of a state actor with robust document fraud capabilities or when dealing with less secure passport types where a bunch of stolen or fraudulently-acquired passport blanks have been collected by someone in the identity theft arena, whether for financial fraud, deep cover or whatever else.
Dec 1, 2018, 12:22 am
#216
Join Date: Feb 2002
Location: DUB/ORD/SIN/PVG
Programs: EI AerClub Concierge, EK Gold, BA Gold, BD Gold (Retired), HHonors Diamond, Bonvoy Lifetime Gold
Posts: 2,923
Great. Was caught in the BA hack earlier this year and now this. Time to change my name and go live in a cave.
Dec 1, 2018, 12:31 am
#217
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
the Chinese hotels (including both SPG and Marriott) scans a copy of the biometric page of passport and store it somehow. I know this because on multiple occasions I either forgot my key or entered the lounge I see my passport photo pop up and no ID required. Whether or not that is stored on the hacked system, I’m not sure, but it must be tied to some rooming system for it to pop up upon typing the room number.
Dec 1, 2018, 12:35 am
#218
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
That by itself doesn’t necessarily mean the card data was lifted from Marriott/Starwood. It’s not a black swan event for card data to be stolen from one point of sale and then have it used fraudulently at another point of sale a few years after its use at what was or becomes a compromised point of sale.
Dec 1, 2018, 12:36 am
#219
Join Date: Nov 2000
Location: Hotel Guru
Programs: Marriott Lifetime Titanium, UA Gold
Posts: 1,455
Dec 1, 2018, 12:41 am
#220
Suspended
Join Date: Sep 2014
Programs: AC SE100K-1MM, NH, DL, AA, BA, Global Entry/Nexus, APEC..
Posts: 18,877
Speaking of hotels scanning passports, remember this episode. Great photos.
What Happens To Passport Copies Taken At Hotels? Sometimes You May Find Them At Business Center! Case: The Park Kolkata (SPG – Design Hotels)
https://loyaltylobby.com/2017/02/27/...design-hotels/
QUOTE from the article:
"Hotel employees have access to your personal and credit card information. Combined this with more detailed information found from the IDs, passports and visas, it would not be difficult to someone engage in identity theft.
Here’s the response that I received from the Marriott spokesperson:
"
What Happens To Passport Copies Taken At Hotels? Sometimes You May Find Them At Business Center! Case: The Park Kolkata (SPG – Design Hotels)
https://loyaltylobby.com/2017/02/27/...design-hotels/
QUOTE from the article:
"Hotel employees have access to your personal and credit card information. Combined this with more detailed information found from the IDs, passports and visas, it would not be difficult to someone engage in identity theft.
Here’s the response that I received from the Marriott spokesperson:
At Marriott, we take the matters of privacy and security of personal information very seriously. Marriott International, Inc. does not own, operate or manage the Park Hotel Kolkata. The hotel participates in the Starwood SPG program through its relationship with Design Hotels. We have been informed by Design Hotels that they are addressing this matter.
Dec 1, 2018, 1:04 am
#221
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
One share of common stock under most corporate by-laws is enough to vote in BOD elections, but typically salaries and perks for top executives (and BOD positions) are set by some compensation committee of the BOD. Shareholders generally don't vote directly on the CEO's salary.
Dec 1, 2018, 2:07 am
#222
FlyerTalk Evangelist
Join Date: Apr 2008
Location: LGA/JFK/EWR
Programs: UA 1K1.75MM, Hyatt Globalist, abandoned Marriott LTT (RIP SPG), Hertz PC
Posts: 21,167
You and a few few others talking about “trolling” in this thread is the opposite of helpful. “We” didn’t create this mess.
Dec 1, 2018, 3:10 am
#223
Join Date: Feb 2008
Location: In the air
Programs: Hyatt Globalist, Bonvoy LT Plat, Hilton Gold, GHA Tit, BA Gold, Turkish Elite
Posts: 8,717
Marriott and their associated hotels charge the highest rate they believe they can justify in a market. To the degree that rate is over costs, they make profit. A fine (assuming it stays below profit margin) can’t impact the consumer as prices will always be designed for an optimal price/ volume profitability level - so they will simply come out of corporate profits. I guess one could argue that the people who suffer are Marriott’s owners (often pension holders), which is fair enough.
Dec 1, 2018, 3:35 am
#224
FlyerTalk Evangelist
Join Date: Dec 2003
Location: MAN and LON
Programs: Mucci, BAEC LT Gold, HH Dia, MR LT Plat, IHG Diamond Amb, Amex Plat
Posts: 13,770
I realise this is a common line of argument in the US, but it’s very much a local only perspective. Everywhere else, this would be dismissed as obviously not making any sense.
Marriott and their associated hotels charge the highest rate they believe they can justify in a market. To the degree that rate is over costs, they make profit. A fine (assuming it stays below profit margin) can’t impact the consumer as prices will always be designed for an optimal price/ volume profitability level - so they will simply come out of corporate profits. I guess one could argue that the people who suffer are Marriott’s owners (often pension holders), which is fair enough.
Dec 1, 2018, 3:52 am
#225
Join Date: Feb 2008
Location: In the air
Programs: Hyatt Globalist, Bonvoy LT Plat, Hilton Gold, GHA Tit, BA Gold, Turkish Elite
Posts: 8,717
Of course they could - but no reason why they wouldn’t do that anyways. Business decisions are not always rational, so it could well happen, but that’s still very far from claiming that corporate fines = consumers pay.