Go Back  FlyerTalk Forums > Miles&Points > Hotels and Places to Stay > Marriott | Marriott Bonvoy
Reload this Page >

Marriott Data Breach [from Starwood database] : 500 Million Guests affected

Marriott Data Breach [from Starwood database] : 500 Million Guests affected

    Hide Wikipost
Old Mar 13, 19, 12:09 pm   -   Wikipost
Please read: This is a community-maintained wiki post containing the most important information from this thread. You may edit the Wiki once you have been on FT for 90 days and have made 90 posts.
 
Last edit by: MasterGeek
Wiki Link
From Starwood Lurker team :
Please visit  info.starwoodhotels.com  for more information about this incident, available resources and steps you can take.

Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.

http://uk.businessinsider.com/marrio...8-11?r=US&IR=T
https://www.prnewswire.com/news-rele...300758155.html

You can enroll in the "identity" monitoring service provided by Marriott due to this breach here, it cannot be called "credit monitoring" because it doesn't provide access to viewing credit bureau report data (as held by Equifax, TransUnion, Experian) nor notifications when credit report data changes :
https://answers.kroll.com/us/index.html
Print Wikipost

Reply

Old Nov 30, 18, 4:32 am
  #1  
Original Poster
 
Join Date: Mar 2010
Location: Sunshine State
Programs: Avis Trump. Costco Exec. SPG PLAT PREM-90. WN A+/CP. AA SLV. Nat EE..
Posts: 442
Marriott Data Breach [from Starwood database] : 500 Million Guests affected

https://www.prnewswire.com/news-rele...300758155.html
Sorry mods I originally posted this in the Marriot sub form. This appears to be a big deal.We have a call center now that should be really responsive at least.
  • We have established a dedicated website (info.starwoodhotels.com) and call center to answer questions you may have about this incident. The frequently-asked questions on info.starwoodhotels.com may be supplemented from time to time. The call center is open seven days a week and is available in multiple languages. Call volume may be high, and we appreciate your patience.
  • For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest ("SPG") account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128).

Last edited by yosithezet; Nov 30, 18 at 4:58 pm Reason: Fixed url
ucfjoe is offline  
Reply With Quote
Old Nov 30, 18, 4:37 am
  #2  
 
Join Date: Feb 2004
Location: Helsinki, Finland
Posts: 2,254
Thta´s why I do not trust outsiders, my phone or any apps to store my CC or passport information. Makes life a little easier, until it makes it so much more difficult.
Helsinki Flyer is offline  
Reply With Quote
Old Nov 30, 18, 4:41 am
  #3  
 
Join Date: Nov 1999
Location: YYF/PEI/MZL/EZE
Programs: AS MVP/AC E50K/SPG-Marriott Titanium/Accor-FPC Plat/IHG Gold/HHDiamond/Hyatt Exp
Posts: 4,829
You have to be kidding me.

info.starwoodhotels.com

I have had to replace 3 Amex cards this year due to being compromised.

Well done Marriott, keep up the good job.

Now I have to wait for the email saying I was part of the millions.
tfong007, SoonerRed and ericw like this.

Last edited by PointWeasel; Nov 30, 18 at 4:45 am Reason: add specific website
PointWeasel is offline  
Reply With Quote
Old Nov 30, 18, 4:45 am
  #4  
Original Poster
 
Join Date: Mar 2010
Location: Sunshine State
Programs: Avis Trump. Costco Exec. SPG PLAT PREM-90. WN A+/CP. AA SLV. Nat EE..
Posts: 442
Only 325 Million is guest stays have their passport info compromised. Everyone should go ahead and change their passport numbers now to be safe. At least credit card data appears to be safe here.
Would love for some tech experts to opine on this but so far it sounds like someone has had a backdoor in the SPG system for a long while not sure if 2014 or if they were just able to access data back to 2014. They became aware POST integration so it would suggest that they have legacy Marriott user data as well?
ucfjoe is offline  
Reply With Quote
Old Nov 30, 18, 4:47 am
  #5  
 
Join Date: Jul 2005
Posts: 1,047
ARNE Should resign. He has simply failed to deliver in this MERGER. Someone is going to sue the .... out of Marriott over this. Total cost to Marriott is going to be Material.
jr1202sr is offline  
Reply With Quote
Old Nov 30, 18, 4:47 am
  #6  
A FlyerTalk Posting Legend
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 86,710
Originally Posted by ucfjoe View Post
https://www.prnewswire.com/news-rele...300758155.html
Sorry mods I originally posted this in the Marriot sub form. This appears to be a big deal.



It's pretty huge -- and the 8-k filing to the SEC indicates that there's a material event's issue arising from this situation. But I doubt it really makes a huge financial difference for Marriott. Unfortunately. Between insurance coverage and the corporate apologist inclination of the systems in which we are dealing in the main, I doubt Marriott loses more than even a few week's revenue over this boondoggle.

The value of all such information in the hands of questionable actors -- be they run-of-the-mill criminals, organized, international crime syndicates, or governmental actors -- is rather substantial, even if all the stored bank card data has not all been compromised.

Originally Posted by ucfjoe View Post
Only 325 Million is guest stays have their passport info compromised. Everyone should go ahead and change their passport numbers now to be safe. At least credit card data appears to be safe here.
Would love for some tech experts to opine on this but so far it sounds like someone has had a backdoor in the SPG system for a long while not sure if 2014 or if they were just able to access data back to 2014. They became aware POST integration so it would suggest that they have legacy Marriott user data as well?



My passport information is not in most of my reservations and that info has only been loaded into the hotel systems at some places when I've checked in. There is no good customer reason for Marriott/Starwood to store passport numbers/info beyond that which is required by laws in relevant jurisdictions for relevant stays. That said, I wouldn't change a passport just because the passport number got swiped -- governments are the biggest leakers of passport numbers, so I'm sure my passports' numbers are out there where it has no good reason to be.
Kiara and wxman22 like this.

Last edited by GUWonder; Nov 30, 18 at 4:57 am
GUWonder is online now  
Reply With Quote
Old Nov 30, 18, 4:52 am
  #7  
 
Join Date: Feb 2008
Location: In the air
Programs: BA Gold, Marriott Amb, Hilton Diamond, AMEX Plat
Posts: 5,498
FFS. I said just a month ago that the total lack of quality assurance made it likely that a major data breach was likely in the near future. They have singularly failed in conducting due diligence to serve and protect their customers.

Edit: Though it does appear this may have partially pre-dated the merger.
EuropeanPete is online now  
Reply With Quote
Old Nov 30, 18, 4:55 am
  #8  
Original Poster
 
Join Date: Mar 2010
Location: Sunshine State
Programs: Avis Trump. Costco Exec. SPG PLAT PREM-90. WN A+/CP. AA SLV. Nat EE..
Posts: 442
Credit card data is the least important IMHO. That’s the easiest to fix. Passport number not so much. Somewhat ironically, what seemed to trigger them knowing was the hackers trying to encrypt the data they were stealing. Given the length of the hack and clearly how well it was set up this doesn’t sound like just some teenager in his parents garage doing it for fun.
I was being a little funny earlier. This is a HUGE deal. As a shareholder I regret not selling a few weeks ago which I was really close to doing. Premarket stock is down over 5% as of now.
ucfjoe is offline  
Reply With Quote
Old Nov 30, 18, 4:57 am
  #9  
2019 FlyerTalk Awards
 
Join Date: Aug 2018
Posts: 297
Originally Posted by EuropeanPete View Post
FFS. I said just a month ago that the total lack of quality assurance made it likely that a major data breach was likely in the near future. They have singularly failed in conducting due diligence to serve and protect their customers.
This data breach has been going on since 2014, so it’s not related to the merger or even the acquisition. And it does not affect Marriott’s booking platform, only SPG’s.
MePlatPremier is online now  
Reply With Quote
Old Nov 30, 18, 4:58 am
  #10  
Moderator: British Airways Executive Club, Marriott Bonvoy
 
Join Date: May 2006
Location: Englandshire
Programs: SPG LT Plat, BA G, BD*LG, MG Blue+ ...
Posts: 11,245
Some additional detail from Business Insider. My bolding.

Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.

The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.
This implies a breach in the SPG booking platform, which simply continued through the August merger.
frenchft likes this.
Oxon Flyer is offline  
Reply With Quote
Old Nov 30, 18, 4:58 am
  #11  
 
Join Date: Feb 2008
Location: In the air
Programs: BA Gold, Marriott Amb, Hilton Diamond, AMEX Plat
Posts: 5,498
Originally Posted by MePlatPremier View Post


This data breach has been going on since 2014, so it’s not related to the merger or even the acquisition. And it does not affect Marriott’s booking platform, only SPG’s.
Yes, as I noted 5min before you posted this. Thanks!
EuropeanPete is online now  
Reply With Quote
Old Nov 30, 18, 5:06 am
  #12  
A FlyerTalk Posting Legend
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 86,710
Originally Posted by MePlatPremier View Post


This data breach has been going on since 2014, so it’s not related to the merger or even the acquisition. And it does not affect Marriott’s booking platform, only SPG’s.


It's been going on during the acquisition and even after the acquisition. It's even been going on as of a couple of months ago.

If Marriott weren't so busy rushing to squeeze customers via the rushed integration related to the merger/acquisition, perhaps the company would have caught this mess sooner and the boondoggle wouldn't have been as bad as it had become.
GUWonder is online now  
Reply With Quote
Old Nov 30, 18, 5:06 am
  #13  
 
Join Date: Nov 2017
Programs: United 1K
Posts: 95
I wonder if the post merger troubles led to this issue being identified.
Resonant Programmer is offline  
Reply With Quote
Old Nov 30, 18, 5:06 am
  #14  
FlyerTalk Evangelist
Four Seasons Contributor BadgeMandarin Oriental Contributor Badge
 
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 31,094
Wow, what's going to happen in the EU with their strict new GDRP rules? Or as this predates that law will they get out of it?
remymartin likes this.
stimpy is offline  
Reply With Quote
Old Nov 30, 18, 5:10 am
  #15  
2019 FlyerTalk Awards
 
Join Date: Aug 2018
Posts: 297
Originally Posted by GUWonder View Post
It's been going on during the acquisition and even after the acquisition. It's even been going on as of a couple of months ago.

If Marriott weren't so busy rushing to squeeze customers via the rushed integration related to the merger/acquisition, perhaps the company would have caught this mess sooner and the boondoggle wouldn't have been as bad as it had become.
Yeah! Just like pre-acquisition SPG caught it...
CPRich, kennycrudup, KRSW and 3 others like this.
MePlatPremier is online now  
Reply With Quote

Thread Tools
Search this Thread