UPDATE: Marriott discloses a massive data breach affecting up to 500 million guests
Source: Washington Post
Marriott International revealed Friday that a massive data breach may have affected up to 500 million guests.
The data breach involved information mined from the reservations database for Starwood hotels, one of Marriotts subsidiaries. An unauthorized party had accessed the database since 2014, company officials said. The breach included names, email addresses, passport numbers, and possibly credit card numbers, according to the hotel giant.
We deeply regret this incident happened, Arne Sorenson, Marriotts chief executive said in a news release. "We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.
Marriott said it reported the breach to law enforcement and is also notifying regulatory authorities.
This story is developing.
Read more: https://www.washingtonpost.com/business/2018/11/30/marriott-discloses-massive-data-breach-impacting-million-guests/?utm_term=.23eebaea101d
Original article/headline -
By Washington Post Staff
November 30 at 7:24 AM
The hotel giant said the breach included names, email addresses, passport numbers, travel itineraries and possibly credit card numbers as well.
This is a developing story. It will be updated.
https://www.washingtonpost.com/news/business/wp/2018/11/30/marriott-discloses-massive-data-breach-affecting-up-to-500-million-people/?utm_term=.190f2340fa52
mrs_p
(3,014 posts)One more thing to deal with this week. Ugh.
Sherman A1
(38,958 posts)While hardly good news, it needs to be addressed as quickly as possible.
ananda
(28,837 posts)I stayed at a Marriott hotel
a little over a month ago..
Time to change the cc# and
never stay at a Starwood hotel
again.
bringthePaine
(1,727 posts)additional premium:
zero meaningful consequences for your happy hosts
enjoy the "mint" on your pillow...
dalton99a
(81,406 posts)JDC
(10,117 posts)I've been w Marriott for a long while for work travel and they forced a password change and notified customers about 5 years ago.
BumRushDaShow
(128,527 posts)and nothing was done to really check on it since...
The OP article mentions this -
Marriott now faces brand and reputational damage, regulatory oversight and legal issues as the result of a cybersecurity incident that occurred two plus years before they announced the acquisition of Starwood, Jeff Pollard, vice president and analyst and Forrester said. It highlights the importance of robust cybersecurity due diligence during the acquisition process.
In 2015, Starwood fell prey to credit card breaches, along with other luxury hotel brands such as the Trump Collection and Mandarin Oriental. Malware aimed at stealing credit and debit card information was found on payment systems at restaurants and stores in 54 Starwood hotels in North America, according to a letter from company president Sergio Rivera that was posted online. This breach happened just days after the Marriott acquisition was announced.
In this case, knowing that there will always been inattentiveness and disruption during mergers, which makes these systems even more vulnerable because the merged entities are going around laying off people (often including IT people and/or contractors maintaining the systems) while whining about "duplicate functions" and spouting other business verbal vomit, leaving the systems to lie fallow and ripe for hacking.
JDC
(10,117 posts)Circa 2012 or 13? Maybe earlier? Regardless, not good
BumRushDaShow
(128,527 posts)What gets hit are those service companies that manage the financial transaction systems (like reservations/retail purchases in hotels, etc)
JDC
(10,117 posts)Not quite as long ago as I thought.
SWBTATTReg
(22,077 posts)I didn't think Marriott had that much business...
Coventina
(27,064 posts)Both me and my husband have stayed at their hotels.
SWBTATTReg
(22,077 posts)BumRushDaShow
(128,527 posts)that were acquired with that Marriott Starwood acquisition.
SWBTATTReg
(22,077 posts)that Marriott owned these chains too. Thanks for posting! Take care!
RobinA
(9,886 posts)upset over these things anymore. Last year every one of my credit card numbers was replaced by the issuer. I never lost one of them. Then someone used my number and Visa caught it, so that one was changed again. Again, the card had never left my wallet. I think it's a cost of doing business these days.
BumRushDaShow
(128,527 posts)None were due to lost cards. I also know there has been an issue here and in other areas where they discover card skimmers on various retail card readers and even bank/Credit Union ATMs too - just saw this article about just that down in the Atlanta area - https://www.ajc.com/news/local/doj-romanian-used-atm-skimmers-steal-bank-information-gwinnett/mPGjBjLHztK38FrrpwgU7N/
It's a big mess.
bluedigger
(17,086 posts)Guest nights, maybe.
BumRushDaShow
(128,527 posts)which would have been impacted too. So literally, much of the major hotel industry.