Marriott announces data breach of up to 500 million Starwood guests

’Tis the season to be busy. This time of year is always hectic. The holidays set in, winter comes to visit, there’s open season on enrollees for health insurance with annual premium hikes, and everybody decides they need their IT project done by the end of the year. There were eleven other months in this year, right? 🙂

Marriott reported a security incident involving the guest registration system of its Starwood branded properties, potentially affecting up to half a billion guests. The unauthorized access is believed to have been ongoing since 2014. Yikes!

Starwood brands include: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels that participate in the Starwood Preferred Guest (SPG) program. Starwood branded timeshare properties (Sheraton Vacation Club, Westin Vacation Club, The Luxury Collection Residence Club, St. Regis Residence Club, and Vistana) are also included.  It does NOT include the separate Marriott reservation system.

Marriott says it began emailing guests affected by the breach on 11/30/18. United States guests can enroll in Kroll’s Web Watcher Monitoring Service and receive fraud consultation services and reimbursement coverage free of charge. Marriott also indicated that other people will attempt to use this incident to “trick individuals into providing information about themselves through the use of links to fake websites (phishing) or by impersonating someone they trusted (social engineering)”.

I was able to sign up for the Kroll Identity Protection without having to prove a prior stay. The enrollment initially asked me for name, email, street address, phone number and date of birth. I was quickly enrolled and got a confirmation email. It provides a degree of monitoring for up to 2 email addresses, SSN, 3 phone numbers, 5 credit/debit cards, 5 bank accounts, 1 passport and 5 medical IDs. If you think you might be affected, you might consider enrolling.

For more information:
Marriott has set up an informational website
Computer Security News, Advice and Opinion from Graham Cluley
