
Starwood/Marriott Data Breach 500 Million Guests affected, Marriott fined £18.4m

Old Nov 30, 2018, 5:05 am
FlyerTalk Forums Expert How-Tos and Guides
Last edit by: MasterGeek
From Starwood Lurker team:
Please visit  info.starwoodhotels.com  for more information about this incident, available resources and steps you can take.

Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.

http://uk.businessinsider.com/marriott-data-breach-500-million-guests-affected-2018-11?r=US&IR=T
https://www.prnewswire.com/news-releases/marriott-announces-starwood-guest-reservation-database-security-incident-300758155.html

You can enroll here in the "identity" monitoring service provided by Marriott due to this breach. It cannot be called "credit monitoring" because it provides neither access to view credit bureau report data (as held by Equifax, TransUnion, Experian) nor notifications when credit report data changes:
https://answers.kroll.com/us/index.html
 
Old Nov 30, 2018, 4:00 pm
  #181  
 
Join Date: Apr 2003
Location: SLC/HEL/Anywhere with a Beach
Programs: Marriott Ambassador; AA EXP 3MM; AS MVP, Hilton Gold, CH-47/UH-60/C-23/C-130 VET
Posts: 5,234
Originally Posted by yeunganson
Hopefully with the help of the FBI, they can find out if it was foreign governments or sophisticated crooks did it.

Both SPG and Marriott had at least average level of IT staff and commercially available enterprise level security software. So the hack was able to be undetected since 2014 means it should be a sophisticated hack that went around all the security.

I am prepared to show understanding if Marriott/SPG was hacked by foreign governments. There is little defense on this type of hacking. Recall the Bloomberg news a month ago of Chinese government putting a small chip on server motherboards to hack Apple and other Silicon Valley giants to steal technology secrets. All elite government hacking teams have access to Operating System holes that maybe the original manufacturer (be it Microsoft or Google or Apple) doesn't know yet. National law enforcement agencies (including the FBI) also buy services from data security companies whose sole purpose is to find vulnerabilities on devices/computers to help law enforcement "get in" when the accused is uncooperative with a court order. The point is... Every system has holes and those with deep pockets and deep talent (normally governments) can get through like a cyber version of Mission Impossible. It would be unrealistic for commercial entities to guard their system to the near impenetrable level like Pentagon/CIA guard their systems.
Originally Posted by ethernal
Well, with how everyone's data is already out there it's hard to nail exact causes for ID theft. It's no data that hasn't already been leaked before.

While unlikely, it could also be a state actor or industrial espionage. Knowing where people are planning to go is useful information for both states or for unscrupulous enterprises. Think M&A, unusual financial auditing activity, where certain government officials plan to go before announcements, and so on.
Well ... if it has been in place since 2014 and we don't have widespread evidence of legacy SPG members having identity theft issues, this might suggest a state actor was continuing to mine data to track individuals rather than a rogue group seeking to cash in. At a minimum, if this was an economic theft, we would have seen a number of reports of compromised SPG Amex cards or Marriott Chase cards -- presumably both Chase and Amex are able to identify patterns. I have only used one card at legacy SPG properties since 2014 -- and it's the only one I've had continuously for several years and haven't had to replace it because of data breaches (it's the Chase Marriott card and I only use it for Marriott/SPG stays).

There is at least one country out there that scrapes data broadly like this for state purposes ...
C17PSGR is offline  
Old Nov 30, 2018, 4:07 pm
  #182  
Suspended
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
Originally Posted by Sisyphus1carus
How many shares in the company do I need to own in order to have a vote at the AGM to vote against any rise in the salaries / bonuses of the board of directors ??
1 is enough.
GUWonder is offline  
Old Nov 30, 2018, 4:15 pm
  #183  
 
Join Date: Dec 2006
Location: SNA
Programs: Bonvoy LTTE/AMB, AmEx Plat, National EE, WN A-List, CLEAR+, Covid-19
Posts: 4,963
Originally Posted by Dave510
Trolling? How so?
Marriott only inherited SPG's apparently-inadequate IT; to use "Marriott" here in a pejorative fashion is trolling, IMO. SPG people might not have liked the MR website pre-merger, but at least it wasn't being pillaged for 4 years before then- which would probably still be going on, unbeknownst to SPG had MR not had to delve deep into the IT while they try and sort out this problematic merger.
kennycrudup is offline  
Old Nov 30, 2018, 4:16 pm
  #184  
Suspended
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
What makes you so sure that Marriott's systems haven't been hacked before too? I would be very surprised if there weren't at least two state actors that swiped a chunk of Marriott customer data from the era before Marriott even acquired SPG.

Originally Posted by kennycrudup
If there was any (hard) evidence required of the level of irrational hatred of MR by SPG loyalists, this thread is it.

Imagine that after some time and negotiation, I finally buy a classic car I've been interested in for a while. In the process of cleaning it up to get it show-ready, I find hairs in the grill that are then later found to be connected to the victim of a fatal hit-and-run that happened years ago. If some here on FT had their way, I would be on trial for first-degree murder.
To get the analogy straight, the grill would have hairs from more than one victim, with at least one of the victims being killed during your ownership and sole possession of the car/car keys. Then you become a suspect for at least one count of vehicular manslaughter.

Last edited by GUWonder; Nov 30, 2018 at 4:22 pm
GUWonder is offline  
Old Nov 30, 2018, 4:18 pm
  #185  
 
Join Date: Aug 2014
Location: YYZ
Programs: Ex-Bonvoyed, Hyatt, Hilton, BR, AC, AA
Posts: 1,291
Originally Posted by kennycrudup
Marriott only inherited SPG's apparently-inadequate IT; to use "Marriott" here in a pejorative fashion is trolling, IMO. SPG people might not have liked the MR website pre-merger, but at least it wasn't being pillaged for 4 years before then- which would probably still be going on, unbeknownst to SPG had MR not had to delve deep into the IT while they try and sort out this problematic merger.
I guess if you buy Marriott's party line wholesale, then you'll believe it's all SPG's fault, despite reservation information up to Sept, 2018 being leaked. It's easy to scapegoat SPG now.
Dave510 is offline  
Old Nov 30, 2018, 4:19 pm
  #186  
 
Join Date: Dec 2006
Location: SNA
Programs: Bonvoy LTTE/AMB, AmEx Plat, National EE, WN A-List, CLEAR+, Covid-19
Posts: 4,963
Originally Posted by Dave510
It's easy to scapegoat SPG now.
2014.
kennycrudup is offline  
Old Nov 30, 2018, 4:21 pm
  #187  
 
Join Date: Dec 2006
Location: SNA
Programs: Bonvoy LTTE/AMB, AmEx Plat, National EE, WN A-List, CLEAR+, Covid-19
Posts: 4,963
Originally Posted by GUWonder
To get the analogy straight ...
... the car would have to be "Christine", inherited by the soul of a fired SPG IT Manager and killing at night without my knowledge. (I didn't feel like paying Stephen King royalties.)
kennycrudup is offline  
Old Nov 30, 2018, 4:23 pm
  #188  
 
Join Date: Aug 2014
Location: YYZ
Programs: Ex-Bonvoyed, Hyatt, Hilton, BR, AC, AA
Posts: 1,291
Originally Posted by kennycrudup
2014.
Up until Sept 2018.
Dave510 is offline  
Old Nov 30, 2018, 4:25 pm
  #189  
FlyerTalk Evangelist
 
Join Date: Jun 2006
Location: IAD/DCA
Posts: 31,797
if there had not been merger (and problems) would they ever have noticed
wonder how many of these discoveries are accidental, not good
Twickenham likes this.

Last edited by Kagehitokiri; Nov 30, 2018 at 6:11 pm
Kagehitokiri is offline  
Old Nov 30, 2018, 4:26 pm
  #190  
 
Join Date: Dec 2006
Location: SNA
Programs: Bonvoy LTTE/AMB, AmEx Plat, National EE, WN A-List, CLEAR+, Covid-19
Posts: 4,963
Originally Posted by Dave510
Up until Sept 2018.
Trolling, then. OK.
kennycrudup is offline  
Old Nov 30, 2018, 4:26 pm
  #191  
Suspended
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
Originally Posted by kennycrudup
... the car would have to be "Christine", inherited by the soul of a fired SPG IT Manager and killing at night without my knowledge. (I didn't feel like paying Stephen King royalties.)
But, no, it wouldn't have to be.
GUWonder is offline  
Old Nov 30, 2018, 4:27 pm
  #192  
 
Join Date: Jun 2011
Location: PHL
Posts: 656
I had two stays over the Thanksgiving weekend, and the first hotel had no indication of my platinum status which meant no upgrades, no welcome amenity, no breakfast. The app showed my account under audit. I called to see what was up and they told me there was an unauthorized login on my account and I had to send a copy of my ID, which I did. Called back and they said that the team that could unlock my account wouldn't be in until Monday. So the second hotel (checked in Sunday night, out Monday AM) also didn't see my status. Luckily, I'd booked a rate with breakfast (only bc it was the same price as without) so we didn't have to pay for breakfast that morning. Anyway, I'm thinking this probably had something to do with that "unauthorized access".
TimesTwo is offline  
Old Nov 30, 2018, 4:28 pm
  #193  
Suspended
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
Originally Posted by Kagehitokiri
confusing..

only reservations / central reservations?
not SPG account information?

if there had not been a merger (and problems) would they ever have noticed
To answer the last question, my best guess is yes it would have been noticed at some point.
GUWonder is offline  
Old Nov 30, 2018, 4:34 pm
  #194  
FlyerTalk Evangelist
 
Join Date: Feb 2004
Location: YVR
Programs: AC SE 2MM; UA MP Premier Silver; Marriott Bonvoy LT Titanium Elite; Radisson; Avis PC
Posts: 35,255
I have a headache keeping up with this forum with the daily crappolla from Starriott. Now this. Disappointing all around.
yyznomad is offline  
Old Nov 30, 2018, 5:11 pm
  #195  
A FlyerTalk Posting Legend
 
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,393
Originally Posted by GUWonder
1 is enough.
One share of common stock under most corporate by-laws is enough to vote in BOD elections, but typically salaries and perks for top executives (and BOD positions) are set by some compensation committee of the BOD. Shareholders generally don't vote directly on the CEO's salary.
MSPeconomist is offline  

