Marriott's Starwood Reservation System Worldwide Data Breach - 500+ Million Guest Accounts Hacked Over Past 4 Years


  • Global Moderator

    Marriott discovered last week that their Starwood reservation system used for many of its brands has been breached and data downloaded repeatedly since 2014. Over 500 million guest accounts may have been been compromised. Stolen data includes some combination of:

    • Names
    • Home addresses
    • Birthdays
    • Passwords
    • Passport numbers
    • Email addresses
    • Phone numbers
    • Birth dates
    • Gender
    • Payment card numbers and expiration dates
    • Arrival and departure dates/times
    • SPG account information (SPG account #, points balance, status level, & communication preferences)

    Impacted customers are those who ever made reservations (on or before September 10, 2018) at one of these Starwood properties:

    • Aloft Hotel
    • Design Hotels
    • Element Hotels
    • Four Points by Sheraton
    • Le Méridien Hotels & Resorts
    • Sheraton Hotels & Resorts
    • St. Regis
    • Starwood branded timeshare properties
    • The Luxury Collection
    • Tribute Portfolio
    • W Hotels
    • Westin Hotels & Resorts
      *Note: Marriott uses a separate reservation system on a different network.

    Marriott, which acquired Starwood in September 2016, is working with law enforcement and regulators, plans to phase out the Starwood systems, and is fast-tracking network security enhancements already in progress (with the help of leading security experts). They also set up a dedicated website and call center about the breach for guests, and provide data protection free for one year where applicable.

    Starting today, they will begin sending notification emails “on a rolling basis” to affected guests whose email addresses were in the reservation database.

    International Call Centers:

    • USA: 877-273-9481
    • Australia: 1-800-270-917
    • Canada 877-273-9481
    • China: 400-120-0845
    • Brazil: 0-800-724-8312
    • France: 0805-080216
    • Germany: 0800-180-1978
    • India: 000-800-050-1531
    • Italy: 800-728-023
    • Japan: 0120-901-011
    • Mexico: 01-800-099-0742
    • South Korea: 080-822-1429
    • Spain: 900-905407
    • Russia: 8-800-100-6925
    • United Arab Emirates: 8000-3201-34
    • UK: 0-808-189-1065

    Free WebWatcher Enrollment

    • Guests can enroll in WebWatcher free of charge for one year. WebWatcher monitors internet sites where personal information is shared and generates an alert to the consumer if evidence of the consumer’s personal information is found. Due to regulatory and other reasons, WebWatcher or similar products are not available in all countries.
    • Guests from the United States who complete the WebWatcher enrollment process will also be provided fraud consultation services and reimbursement coverage for free:
      (1) a Fraud Loss Reimbursement benefit, which reimburses you for out-of-pocket expenses totaling up to $1 million in covered legal costs and expenses for any one stolen identity event. All coverage is subject to the conditions and exclusions in the policy; and
      (2) unlimited access to consultation with a Kroll fraud specialist. Consultation support includes showing you the most effective ways to protect your identity, explaining your rights and protections under the law, assistance with fraud alerts, and interpreting how personal information is accessed and used, including investigating suspicious activity that could be tied to an identity theft event.
    • Enrollment is available in the following countries.
      • United States
      • Canada
      • United Kingdom

    Other steps you can take regardless of your location:

    • Monitor your SPG account for any suspicious activity.
    • Change your password regularly. Do not use easily guessed passwords. Do not use the same passwords for multiple accounts.
    • Review your payment card account statements for unauthorized activity and immediately report unauthorized activity to the bank that issued your card.
    • Be vigilant against third parties attempting to gather information by deception (commonly known as “phishing”), including through links to fake websites. Marriott will not ask you to provide your password by phone or email.
    • If you believe you are the victim of identity theft or your personal data has been misused, you should immediately contact your national data protection authority or local law enforcement.

    Newsweek
    Huffington Post


 

Looks like your connection to PhatWallet was lost, please wait while we try to reconnect.