Log In
Register
Home
Topic RSS
Facebook
Twitter
Email this8:01 pm
December 4, 2016
Offline
https://www.timescolonist.com/marriott-security-breach-exposed-data-of-up-to-500m-guests-1.23514901
This is a whopper of a data breach. In size, type and length of time. Many elected officials in the USA are calling on limitations of the data companies can collect. This breach might make history and change laws.
"The crisis quickly emerged as one of the largest data breaches on record"
"The stolen information could be used by criminals to create fraudulent bank accounts"
"he numbers could be added to full sets of data about a person that bad actors sell on the black market, leading to identity theft."
"Security analysts were alarmed to learn that the breach began in 2014. While such failures often span months, four years is extreme, said Yonatan Striem-Amit, chief technology officer of Cybereason."
"The New York attorney general opened an investigation. Virginia Sen. Mark Warner, co-founder of the Senate cybersecurity caucus and the top Democrat on the Senate Intelligence Committee, said that the U.S. needs laws that will limit the data companies can collect on its customers."
Edit: The title isn't 100% accurate. It's up to 500 million not 500 million for sure as there can be duplicates of accounts and etc.
12:28 pm
October 27, 2013
Offline
A good reason not to put in more personal data than is necessary in any such accounts with any commercial entity. Especially no credit card and passport data.
While it is a PITA to type in required data every time one makes a purchase, it is better than a data breach. I can't say I follow my own advice all the time, especially with a few sites where I purchase a lot from. I probably will live to regret it.
1:25 pm
October 21, 2013
Offline
I do avoid "convenient" "profiles" wherever possible, and do type it in every time, but I'm not sure if that will protect me. It's just all i can do.
I don't want to give up my "points" cards, however!
5:12 pm
January 3, 2013
Offline
Is this related to accounts being created or when you get a room and they ask for an ID plus CC? I don't have any profile with them but I have used them many times in the past years. No email so far but we shall see.
4:09 am
August 4, 2010
Offline
It is actually the Starwood Group (which Marriott bought a couple of years ago) which is affected, so brands like Westin, Sheraton, W, etc. Marriott-branded hotels were on a separate system and aren't involved.
It looks like the Starwood system has been vulnerable since sometime in 2014, well before Marriott bought it, and ongoing in some for until this September.
It looks like it is actual stays, not just the profiles, since they mention arrival and departure info.
Marriott's statement is here: http://news.marriott.com/2018/.....-incident/
10:31 am
December 17, 2016
Offline
From the Calgary Herald (Washington Post)
The incident will seem less of a failure on Marriott’s part if the Chinese government turns out to be the perpetrator, James Lewis, director of the technology policy program at the Center for Strategic and International Studies, told Bloomberg News. “No corporation can take on a government and expect to win,” he said.
7:41 am
December 17, 2016
Offline
So, I received a boilerplate email from Marriott overnight indicating that there had been a breach of their (SPG) system.
It's unclear whether my file was one of the breached or not, similarly it's unclear whether I'll be in receipt of another email detailing same. The email I received places the onus on me to take steps to closely monitor my affairs and sign up for various services that may aid in that surveillance along with usual change my password instructions. In other words, they don't have a clue.
12:50 pm
October 27, 2013
Offline
I've not yet received that (SPG) email and wonder if I will, since when I merged the points programs, I went the Marriott way rather than the Starwood way. At this point, I don't even know if I had credit card data stored in my account history on SPG but I hope not. I don't have it stored in my Marriott account.
I wouldn't count on getting any more granularity from Marriott. I suspect you are right in that they don't have a clue.
Please write your comments in the forum.