Last edit by: MasterGeek
From Starwood Lurker team :
Please visit info.starwoodhotels.com for more information about this incident, available resources and steps you can take.
Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.
http://uk.businessinsider.com/marriott-data-breach-500-million-guests-affected-2018-11?r=US&IR=T
https://www.prnewswire.com/news-releases/marriott-announces-starwood-guest-reservation-database-security-incident-300758155.html
You can enroll in the "identity" monitoring service provided by Marriott due to this breach here, it cannot be called "credit monitoring" because it doesn't provide access to viewing credit bureau report data (as held by Equifax, TransUnion, Experian) nor notifications when credit report data changes :
https://answers.kroll.com/us/index.html
Please visit info.starwoodhotels.com for more information about this incident, available resources and steps you can take.
Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.
http://uk.businessinsider.com/marriott-data-breach-500-million-guests-affected-2018-11?r=US&IR=T
https://www.prnewswire.com/news-releases/marriott-announces-starwood-guest-reservation-database-security-incident-300758155.html
You can enroll in the "identity" monitoring service provided by Marriott due to this breach here, it cannot be called "credit monitoring" because it doesn't provide access to viewing credit bureau report data (as held by Equifax, TransUnion, Experian) nor notifications when credit report data changes :
https://answers.kroll.com/us/index.html
Starwood/Marriott Data Breach 500 Million Guests affected, Marriott fined £18.4m
#451
FlyerTalk Evangelist
Join Date: Jun 2006
Location: IAD/DCA
Posts: 31,797
to clarify, in 2014 multiple hotel chains discovered malware on point of sale systems (processing credit cards) that stole data
most are unaware of what china does (including but not limited to state level) especially with focus on russia
when did starwood first announce considering sale?
most are unaware of what china does (including but not limited to state level) especially with focus on russia
when did starwood first announce considering sale?
#452
Join Date: Mar 2012
Programs: Mileage Plus 1K; Marriott Platinum; Hilton Gold
Posts: 6,355
unexpected credit card activity from "Marriott" - is this connected to data breach?
Over the weekend, I noticed a declined negative charge from Marriott on my VISA card, the same one that I had used in my past Marriott bookings via their compromised database.
Called my bank today, and they said that it was an attempt to credit money back to my account (around $30) but since there was no corresponding charge for a similar/related amount, they declined the credit. I asked whether they were taking extra precautions because of the Marriott data theft and the answer was yes. I feel pretty confident that they will make sure my account isn't misused by the scammers.
Has anyone else noticed funny business from Marriott on their cards that were compromised through the data breach?
UPDATE: I called the number on the email that had officially notified me of the data breach to report this suspicious activity. The agent was very friendly, but could not help me because "systems were down". They took my contact information and promised someone would call just as soon as the systems were working again. It's been >24 hours now and no contact has been made!
Called my bank today, and they said that it was an attempt to credit money back to my account (around $30) but since there was no corresponding charge for a similar/related amount, they declined the credit. I asked whether they were taking extra precautions because of the Marriott data theft and the answer was yes. I feel pretty confident that they will make sure my account isn't misused by the scammers.
Has anyone else noticed funny business from Marriott on their cards that were compromised through the data breach?
UPDATE: I called the number on the email that had officially notified me of the data breach to report this suspicious activity. The agent was very friendly, but could not help me because "systems were down". They took my contact information and promised someone would call just as soon as the systems were working again. It's been >24 hours now and no contact has been made!
Last edited by transportprof; Dec 18, 2018 at 4:22 pm
#453
Suspended
Join Date: Oct 2009
Location: Kan@da
Programs: Anything with sweet spots
Posts: 1,790
Over the weekend, I noticed a declined negative charge from Marriott on my VISA card, the same one that I had used in my past Marriott bookings via their compromised database.
Called my bank today, and they said that it was an attempt to credit money back to my account (around $30) but since there was no corresponding charge for a similar/related amount, they declined the credit. I asked whether they were taking extra precautions because of the Marriott data theft and the answer was yes. I feel pretty confident that they will make sure my account isn't misused by the scammers.
Has anyone else noticed funny business from Marriott on their cards that were compromised through the data breach?
UPDATE: I called the number on the email that had officially notified me of the data breach to report this suspicious activity. The agent was very friendly, but could not help me because "systems were down". They took my contact information and promised someone would call just as soon as the systems were working again. It's been >24 hours now and no contact has been made!
Called my bank today, and they said that it was an attempt to credit money back to my account (around $30) but since there was no corresponding charge for a similar/related amount, they declined the credit. I asked whether they were taking extra precautions because of the Marriott data theft and the answer was yes. I feel pretty confident that they will make sure my account isn't misused by the scammers.
Has anyone else noticed funny business from Marriott on their cards that were compromised through the data breach?
UPDATE: I called the number on the email that had officially notified me of the data breach to report this suspicious activity. The agent was very friendly, but could not help me because "systems were down". They took my contact information and promised someone would call just as soon as the systems were working again. It's been >24 hours now and no contact has been made!
The data breach call centre exists just so that Marriott can claim it provides support related to the breach and to give any callers or claimers the rub-around, fob off and nake them shut up. The call centre is useless, unempowered and not really interested in helping you. They merely regurgitate what is written on the data breach portal faq.
Last edited by MasterGeek; Dec 29, 2018 at 3:54 am
#455
Join Date: Jul 2009
Programs: DL PM, HH Diamond, Marriott Plat, AA, WP
Posts: 840
Stolen: 5 million unencrypted passport numbers and 20.3 million encrypted ones, with it being unclear whether encryption keys were stolen as well. It's massive, and likely not the last time we hear of an event like this one.
#456
Join Date: Apr 2003
Location: SLC/HEL/Anywhere with a Beach
Programs: Marriott Ambassador; AA EXP 3MM; AS MVP, Hilton Gold, CH-47/UH-60/C-23/C-130 VET
Posts: 5,234
Well once people realized it was a state actor, they realized it implicates other issues.
But ... think about all the places a state actor can obtain passport numbers and how insecure they are. I think about the countries I've been in since the December and can't imagine they have sophisticated security. Just last week, a hotel was making three copies of my passport when I checked in. One was for the front desk, one was for the back office, and one gets turned into the government daily.
If people were concerned, governments would agree hotels have no obligation to keep passport info.
#457
Join Date: Aug 2015
Location: The FT AA forum, until it no longer wants me.
Programs: CK or bust
Posts: 1,913
What are you going to be doing for guests who are concerned that their passport number was subject to fraud?
We are putting in place a mechanism to enable our designated call center representatives to refer guests to the appropriate resources to enable a look up of passport numbers to see if they were included in this set of unencrypted passport numbers. We will update this website when we have that capability in place.
In addition, we have a claims process in place for guests whose passport numbers have been verified to be part of the unencrypted group through the look up process described above and who are concerned that their information was used fraudulently. To have a fraud claim considered for reimbursement, please mail a summary of what happened and what your request is along with documentation of any expenses to any of the addresses set forth below:
For guests from the U.S., Canada, Asia Pacific and Middle East & Africa:
Marriott International, Inc.
10400 Fernwood Road
Bethesda, MD 20817
ATTN: Department 51 911.01 – Claims
#458
FlyerTalk Evangelist
Join Date: Jun 2006
Location: IAD/DCA
Posts: 31,797
looking up passport number = another way for it to be stolen if it hasnt been
or for new breaches to happen depending on how it is being stored
at least not ~300 million and will hopefully have at least some impact on security in future
hopefully europe also implements some new changes that all companies comply with
is there some good recent coverage?
or for new breaches to happen depending on how it is being stored
hopefully europe also implements some new changes that all companies comply with
is there some good recent coverage?
#459
Join Date: Apr 2003
Location: SLC/HEL/Anywhere with a Beach
Programs: Marriott Ambassador; AA EXP 3MM; AS MVP, Hilton Gold, CH-47/UH-60/C-23/C-130 VET
Posts: 5,234
https://www.npr.org/2018/12/12/67598...ch-reports-say
As for passport numbers ... think of the countries who collect your passport number ... if you've traveled through Hong Kong or China, a state actor has your passport number. Then think of countries outside of Europe, US. Canada, Japan, etc. Has the Peruvian government database of all the passport info they collect from hotels and immigration been compromised? To quote Pink Floyd, this is just another brick in the wall ....
#460
FlyerTalk Evangelist
Join Date: Jun 2006
Location: IAD/DCA
Posts: 31,797
right, hopefully there will be some changes with regards to recording it in first place, other than places that obviously will always record secretly
sounds like any stolen CCs were via other breaches
have there been any numbers given (for CCs etc) other than passports?
sounds like any stolen CCs were via other breaches
have there been any numbers given (for CCs etc) other than passports?
#461
FlyerTalk Evangelist
Join Date: Jun 2007
Location: Toronto
Programs: UA 1K, AC MM E75, Marriott LT Ti, IHG Dia Amb, Hyatt Glob
Posts: 15,521
OK, this is downright creepy. As I am reading this, I am in the Dept of Chemistry bar at the JW Emerald Bay and this song is playing in the bar. It's not Pink Floyd but a remake which I've never heard before, but wow!
#462
Join Date: Apr 2003
Location: SLC/HEL/Anywhere with a Beach
Programs: Marriott Ambassador; AA EXP 3MM; AS MVP, Hilton Gold, CH-47/UH-60/C-23/C-130 VET
Posts: 5,234
#463
Join Date: Feb 2019
Posts: 1
It never happened
OK, here's the deal. There never was a data breach. The file they "found" was created as part of the due diligence process when Marriott and others were evaluating Starwood for acquisition. Ask yourself what hacker capable of penetrating deep into a secure data center and gaining total access to the database would then extract a copy of the data, encrypt it and then leave it there? No hacker ever. Because there has been no evidence that any of this data has ever been found outside of Starwood/Marriott, they had to invent the story that it was the Chinese and state sponsored spying. Really? The file was stored on the most secure system available to Starwood primarily because Marriott had the habit of asking for the same data over and over. So instead of going through the extract process multiple times, the original file was resent. Since all of the former IT staff had either left or been released when the file was discovered, there was no one around to tell them why it was there and they simply assumed the worst.
#464
Join Date: Dec 2006
Location: SNA
Programs: Bonvoy LTTE/AMB, AmEx Plat, National EE, WN A-List, CLEAR+, Covid-19
Posts: 4,967
#465
FlyerTalk Evangelist
Join Date: Apr 2008
Location: LGA/JFK/EWR
Programs: UA 1K1.75MM, Hyatt Globalist, abandoned Marriott LTT (RIP SPG), Hertz PC
Posts: 21,170
Count me quite interested in this poster, especially w/that particular handle.
Not sure what is falling apart about said story when I'm guessing a lot of Starwood employees were sadly made redundant by the Marriott Borg.
Not sure what is falling apart about said story when I'm guessing a lot of Starwood employees were sadly made redundant by the Marriott Borg.