Latest Breaking News

BumRushDaShow

(128,527 posts) Fri Nov 30, 2018, 08:26 AM Nov 2018

UPDATE: Marriott discloses a massive data breach affecting up to 500 million guests

Source: Washington Post

Marriott International revealed Friday that a massive data breach may have affected up to 500 million guests.

The data breach involved information mined from the reservations database for Starwood hotels, one of Marriott’s subsidiaries. An unauthorized party had accessed the database since 2014, company officials said. The breach included names, email addresses, passport numbers, and possibly credit card numbers, according to the hotel giant.

“We deeply regret this incident happened,” Arne Sorenson, Marriott’s chief executive said in a news release. "We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

Marriott said it reported the breach to law enforcement and is also notifying regulatory authorities.

This story is developing.

Read more: https://www.washingtonpost.com/business/2018/11/30/marriott-discloses-massive-data-breach-impacting-million-guests/?utm_term=.23eebaea101d

Original article/headline -

Marriott discloses massive data breach affecting up to 500 million people

By Washington Post Staff
November 30 at 7:24 AM

The hotel giant said the breach included names, email addresses, passport numbers, travel itineraries and possibly credit card numbers as well.

This is a developing story. It will be updated.

https://www.washingtonpost.com/news/business/wp/2018/11/30/marriott-discloses-massive-data-breach-affecting-up-to-500-million-people/?utm_term=.190f2340fa52

19 replies

= new reply since forum marked as read

Highlight:

UPDATE: Marriott discloses a massive data breach affecting up to 500 million guests (Original Post) BumRushDaShow Nov 2018 OP

Oh great. mrs_p Nov 2018 #1

Thanks for posting Sherman A1 Nov 2018 #2

Damm ananda Nov 2018 #3

coupon good for free I.D. and data extraction with every room! plus this bringthePaine Nov 2018 #4

and the Book of Mormon dalton99a Nov 2018 #5

Not the first Marriott Data breach. JDC Nov 2018 #6

But whatever they found then was apparently circumvented just after BumRushDaShow Nov 2018 #7

The one I refer to happened before Starwood was in the picture JDC Nov 2018 #15

Possibly this- BumRushDaShow Nov 2018 #16

I think you are right. Thx JDC Dec 2018 #19

500,000,000 customers affected by breach? This number seems rather inflated?... SWBTATTReg Nov 2018 #8

They are a huge international chain. Coventina Nov 2018 #9

I know that they are. My former ex (deceased now) worked at Mariott too. NT SWBTATTReg Nov 2018 #10

This is also including Sheraton, St. Regis, and Westin hotels too BumRushDaShow Nov 2018 #11

This makes sense (the 500 million now). I wondered about the numbers, didn't realize... SWBTATTReg Nov 2018 #12

I Can't Get RobinA Nov 2018 #13

Yup. Same happened with me last year BumRushDaShow Nov 2018 #14

It seems unlikely that Starwood has had more guests than the entire US population. bluedigger Nov 2018 #17

The Marriott purchase of Starwood included buying the Sheraton, Westin, and St. Regis hotel chains. BumRushDaShow Nov 2018 #18

mrs_p

(3,014 posts)

1. Oh great.

Reply to BumRushDaShow (Original post)

Fri Nov 30, 2018, 08:27 AM

Nov 2018

One more thing to deal with this week. Ugh.

Sherman A1

(38,958 posts)

2. Thanks for posting

Reply to BumRushDaShow (Original post)

Fri Nov 30, 2018, 08:27 AM

Nov 2018

While hardly good news, it needs to be addressed as quickly as possible.

ananda

(28,837 posts)

3. Damm

Reply to BumRushDaShow (Original post)

Fri Nov 30, 2018, 08:36 AM

Nov 2018

I stayed at a Marriott hotel
a little over a month ago..

Time to change the cc# and
never stay at a Starwood hotel
again.

bringthePaine

(1,727 posts)

4. coupon good for free I.D. and data extraction with every room! plus this

Reply to BumRushDaShow (Original post)

Fri Nov 30, 2018, 09:31 AM

Nov 2018

additional premium:
zero meaningful consequences for your happy hosts

enjoy the "mint" on your pillow...

dalton99a

(81,406 posts)

5. and the Book of Mormon

Reply to bringthePaine (Reply #4)

Fri Nov 30, 2018, 10:41 AM

Nov 2018

JDC

(10,117 posts)

6. Not the first Marriott Data breach.

Reply to BumRushDaShow (Original post)

Fri Nov 30, 2018, 10:56 AM

Nov 2018

I've been w Marriott for a long while for work travel and they forced a password change and notified customers about 5 years ago.

BumRushDaShow

(128,527 posts)

7. But whatever they found then was apparently circumvented just after

Reply to JDC (Reply #6)

Fri Nov 30, 2018, 11:22 AM

Nov 2018

and nothing was done to really check on it since...

The OP article mentions this -

Investigators discovered that the hackers had access to Starwood’s system since 2014. When Marriott acquired Starwood in 2016, the existing breach went undetected during the merger and for years afterward.

“Marriott now faces brand and reputational damage, regulatory oversight and legal issues as the result of a cybersecurity incident that occurred two plus years before they announced the acquisition of Starwood,” Jeff Pollard, vice president and analyst and Forrester said. “It highlights the importance of robust cybersecurity due diligence during the acquisition process.”

In 2015, Starwood fell prey to credit card breaches, along with other luxury hotel brands such as the Trump Collection and Mandarin Oriental. Malware aimed at stealing credit and debit card information was found on payment systems at restaurants and stores in 54 Starwood hotels in North America, according to a letter from company president Sergio Rivera that was posted online. This breach happened just days after the Marriott acquisition was announced.

In this case, knowing that there will always been inattentiveness and disruption during mergers, which makes these systems even more vulnerable because the merged entities are going around laying off people (often including IT people and/or contractors maintaining the systems) while whining about "duplicate functions" and spouting other business verbal vomit, leaving the systems to lie fallow and ripe for hacking.

JDC

(10,117 posts)

15. The one I refer to happened before Starwood was in the picture

Reply to BumRushDaShow (Reply #7)

Fri Nov 30, 2018, 01:40 PM

Nov 2018

Circa 2012 or 13? Maybe earlier? Regardless, not good

BumRushDaShow

(128,527 posts)

16. Possibly this-

Reply to JDC (Reply #15)

Fri Nov 30, 2018, 01:50 PM

Nov 2018

http://archive.jsonline.com/newswatch/243363061.html

What gets hit are those service companies that manage the financial transaction systems (like reservations/retail purchases in hotels, etc)

JDC

(10,117 posts)

19. I think you are right. Thx

Reply to BumRushDaShow (Reply #16)

Sat Dec 1, 2018, 12:13 AM

Dec 2018

Not quite as long ago as I thought.

SWBTATTReg

(22,077 posts)

8. 500,000,000 customers affected by breach? This number seems rather inflated?...

Reply to BumRushDaShow (Original post)

Fri Nov 30, 2018, 11:42 AM

Nov 2018

I didn't think Marriott had that much business...

Coventina

(27,064 posts)

9. They are a huge international chain.

Reply to SWBTATTReg (Reply #8)

Fri Nov 30, 2018, 11:44 AM

Nov 2018

Both me and my husband have stayed at their hotels.

SWBTATTReg

(22,077 posts)

10. I know that they are. My former ex (deceased now) worked at Mariott too. NT

Reply to Coventina (Reply #9)

Fri Nov 30, 2018, 11:47 AM

Nov 2018

BumRushDaShow

(128,527 posts)

11. This is also including Sheraton, St. Regis, and Westin hotels too

Reply to SWBTATTReg (Reply #10)

Fri Nov 30, 2018, 12:11 PM

Nov 2018

that were acquired with that Marriott Starwood acquisition.

SWBTATTReg

(22,077 posts)

12. This makes sense (the 500 million now). I wondered about the numbers, didn't realize...

Reply to BumRushDaShow (Reply #11)

Fri Nov 30, 2018, 12:16 PM

Nov 2018

that Marriott owned these chains too. Thanks for posting! Take care!

RobinA

(9,886 posts)

13. I Can't Get

Reply to BumRushDaShow (Original post)

Fri Nov 30, 2018, 12:29 PM

Nov 2018

upset over these things anymore. Last year every one of my credit card numbers was replaced by the issuer. I never lost one of them. Then someone used my number and Visa caught it, so that one was changed again. Again, the card had never left my wallet. I think it's a cost of doing business these days.

BumRushDaShow

(128,527 posts)

14. Yup. Same happened with me last year

Reply to RobinA (Reply #13)

Fri Nov 30, 2018, 12:48 PM

Nov 2018

None were due to lost cards. I also know there has been an issue here and in other areas where they discover card skimmers on various retail card readers and even bank/Credit Union ATMs too - just saw this article about just that down in the Atlanta area - https://www.ajc.com/news/local/doj-romanian-used-atm-skimmers-steal-bank-information-gwinnett/mPGjBjLHztK38FrrpwgU7N/

It's a big mess.

bluedigger

(17,086 posts)

17. It seems unlikely that Starwood has had more guests than the entire US population.

Reply to BumRushDaShow (Original post)

Fri Nov 30, 2018, 04:37 PM

Nov 2018

Guest nights, maybe.

BumRushDaShow

(128,527 posts)

18. The Marriott purchase of Starwood included buying the Sheraton, Westin, and St. Regis hotel chains.

Reply to bluedigger (Reply #17)

Fri Nov 30, 2018, 04:42 PM

Nov 2018

which would have been impacted too. So literally, much of the major hotel industry.

Reply to this discussion