Marriott - 500 million guests data breached - Passport, personal information and Credit Cards | Credit card reward programs | Discussion forum

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Marriott - 500 million guests data breached - Passport, personal information and Credit Cards
November 30, 2018
8:01 pm
User230
Member
Members
Forum Posts: 131
Member Since:
December 4, 2016
sp_UserOfflineSmall Offline

https://www.timescolonist.com/marriott-security-breach-exposed-data-of-up-to-500m-guests-1.23514901

This is a whopper of a data breach. In size, type and length of time. Many elected officials in the USA are calling on limitations of the data companies can collect. This breach might make history and change laws.

"The crisis quickly emerged as one of the largest data breaches on record"

"The stolen information could be used by criminals to create fraudulent bank accounts"

"he numbers could be added to full sets of data about a person that bad actors sell on the black market, leading to identity theft."

"Security analysts were alarmed to learn that the breach began in 2014. While such failures often span months, four years is extreme, said Yonatan Striem-Amit, chief technology officer of Cybereason."

"The New York attorney general opened an investigation. Virginia Sen. Mark Warner, co-founder of the Senate cybersecurity caucus and the top Democrat on the Senate Intelligence Committee, said that the U.S. needs laws that will limit the data companies can collect on its customers."

Edit: The title isn't 100% accurate. It's up to 500 million not 500 million for sure as there can be duplicates of accounts and etc.

December 1, 2018
12:28 pm
AltaRed
Member
Members
Forum Posts: 717
Member Since:
October 27, 2013
sp_UserOfflineSmall Offline

A good reason not to put in more personal data than is necessary in any such accounts with any commercial entity. Especially no credit card and passport data.

While it is a PITA to type in required data every time one makes a purchase, it is better than a data breach. I can't say I follow my own advice all the time, especially with a few sites where I purchase a lot from. I probably will live to regret it.

December 1, 2018
1:25 pm
Loonie
Member
Members
Forum Posts: 4272
Member Since:
October 21, 2013
sp_UserOfflineSmall Offline

I do avoid "convenient" "profiles" wherever possible, and do type it in every time, but I'm not sure if that will protect me. It's just all i can do.
I don't want to give up my "points" cards, however!sf-cry

December 1, 2018
5:12 pm
Save2Retire@55
Member
Members
Forum Posts: 522
Member Since:
January 3, 2013
sp_UserOfflineSmall Offline

Is this related to accounts being created or when you get a room and they ask for an ID plus CC? I don't have any profile with them but I have used them many times in the past years. No email so far but we shall see.

December 2, 2018
4:09 am
NorthernRaven
Moderator
Moderators
Forum Posts: 423
Member Since:
August 4, 2010
sp_UserOnlineSmall Online

It is actually the Starwood Group (which Marriott bought a couple of years ago) which is affected, so brands like Westin, Sheraton, W, etc. Marriott-branded hotels were on a separate system and aren't involved.

It looks like the Starwood system has been vulnerable since sometime in 2014, well before Marriott bought it, and ongoing in some for until this September.

It looks like it is actual stays, not just the profiles, since they mention arrival and departure info.

Marriott's statement is here: http://news.marriott.com/2018/.....-incident/

December 6, 2018
10:31 am
Top It Up
Member
Members
Forum Posts: 1091
Member Since:
December 17, 2016
sp_UserOfflineSmall Offline

From the Calgary Herald (Washington Post)

The incident will seem less of a failure on Marriott’s part if the Chinese government turns out to be the perpetrator, James Lewis, director of the technology policy program at the Center for Strategic and International Studies, told Bloomberg News. “No corporation can take on a government and expect to win,” he said.

December 8, 2018
7:41 am
Top It Up
Member
Members
Forum Posts: 1091
Member Since:
December 17, 2016
sp_UserOfflineSmall Offline

So, I received a boilerplate email from Marriott overnight indicating that there had been a breach of their (SPG) system.

It's unclear whether my file was one of the breached or not, similarly it's unclear whether I'll be in receipt of another email detailing same. The email I received places the onus on me to take steps to closely monitor my affairs and sign up for various services that may aid in that surveillance along with usual change my password instructions. In other words, they don't have a clue.

December 8, 2018
12:50 pm
AltaRed
Member
Members
Forum Posts: 717
Member Since:
October 27, 2013
sp_UserOfflineSmall Offline

I've not yet received that (SPG) email and wonder if I will, since when I merged the points programs, I went the Marriott way rather than the Starwood way. At this point, I don't even know if I had credit card data stored in my account history on SPG but I hope not. I don't have it stored in my Marriott account.

I wouldn't count on getting any more granularity from Marriott. I suspect you are right in that they don't have a clue.

December 11, 2018
9:42 am
Top It Up
Member
Members
Forum Posts: 1091
Member Since:
December 17, 2016
sp_UserOfflineSmall Offline

Could have seen this coming from a mile away

Canadians file class-action suits against Marriott in wake of Starwood data breach

https://www.theglobeandmail.com/business/article-marriott-facing-class-action-lawsuits-following-starwood-data-breach/

Please write your comments in the forum.