AwardWallet receives compensation from advertising partners for links on the blog. The opinions expressed here are our own and have not been reviewed, provided, or approved by any bank advertiser. Here's our complete list of Advertisers.

Marriott revealed today that it has suffered a huge data breach which may compromise the data of up to 500 million guests who had booked a reservation with a Starwood property prior to September 10, 2018.

Cyber Security Incident

What Happened?

The timeline is even more shocking than the sheer number of members affected. Marriott’s investigation determined that the unauthorized access and removal of guest information has been ongoing since 2014, but it was only discovered in early September 2018.

Marriott confirmed in a statement that:

 “The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it.”

The full scope of the breach is still uncertain, but Marriott believes the hacked database contains information on up to 500 million guests. For approximately 327 million guests, the data includes some combination of name, mailing address, phone number, email, passport number, date of birth, gender, and reservation details.

To make matters worse, Marriott has not been able to rule out the possibility that some members' credit card details have also been compromised.

Marriott CEO Arne Sorenson issued an apology to members, saying:

“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

Marriott has confirmed that it is cooperating with law enforcement’s investigation of the data breach and has begun the process of notifying the regulatory authorities.

Not surprisingly, Marriott's stock plummeted nearly 6% in early trading after announcing the breach. Once the true size of the breach is confirmed, experts believe it will be the second or third largest hack in history, after the 2013 hack of Yahoo, which compromised the details of three billion customers.

How Can You Protect Yourself?

Marriott has created an informational website and set up a dedicated call center to provide updates and assistance to members.

If you made a reservation with any Starwood property prior to September 10, 2018, Marriott is offering one year of free access to WebWatcher—a service that alerts you when your personal information is found in places it doesn’t belong on the web.

The WebWatcher tool is currently available for residents of the United States, Canada, and the United Kingdom via this signup page.

Although there is currently no evidence that fraudulent redemptions are being made from member accounts, this is a great time to review your AwardWallet notification settings.

AwardWallet can notify you when points are redeemed from one of your connected accounts, or when travel reservations are created or modified. To set up alerts, just check the boxes for Rewards Activity, New Travel Reservations, and Changes to Travel Reservations.

Update AwardWallet Notifications

Source: CNN Business

Breaking: Marriott Data Breach Affects 500 Million Guests
4.8 (95%) 4 votes
AwardWallet Tip of The Day
Did you know that AwardWallet supports two-factor authentication? Your account security is our top priority. If you are not familiar with two-factor authentication, check out our FAQ article on tw0-factor authentication. You can enable two-factor authentication from your profile page; there is no cost to enable this functionality and we highly recommend it to protect the integrity of your account.
Show me how

The comments on this page are not provided, reviewed, or otherwise approved by the bank advertiser. It is not the bank advertiser's responsibility to ensure all posts and/or questions are answered.

Comments

  • James Eastwood says:

    Holy smokes, this is huge! Obviously it’s going to cost Marriott a big chunk of money to provide free credit monitoring for everyone affected by this but it still seems like there needs to be some way to incentivize companies to proactively prevent data breaches. I don’t know whether that will take gov’t fines or if it will take market devaluation or consumer boycotts but you always do better with the carrot than the stick so it would be great to find a positive way to enforce a data breach regulation like that. If only I were more psychologically creative, sigh…

    • They’ve got insurance for these types of things — biggest potential impact is customers/loyalty/brand tarnishment — and honestly, I doubt that’ll be anything noteworthy. Look at other companies with big data breaches; did you run from them?

  • Well the Marriott Starwood merger just keeps on giving i see

  • So crooks now have my home address along with a neat list of dates I won’t be home !!

    Cheers Marriott / SPG.

  • The memory of the Cathay Pacific data breach is still fresh.

  • This is really disturbing news! To think it’s been ongoing for so long!

  • ron_vaughn@hotmail.com says:

    this could be VERY bad….

  • Since 2014? damn that is horrible for Marriott. 4 years of this hacking going on

  • The most ridiculous part, to me, is that supposedly the breach had been exploited since 2014! In any event, settings changed, thank you.

  • This is not good news.

  • Maybe time to go back to a cash driven economy. Just kidding. Pays to check all your accounts frequently; someone taking advantage of this information might not actually utilize it for a year or more. Always be vigilant.

    • No doubt, the reality is one must be vigilant in this hyperconnected digital age. However, I’d much rather apply my limited time for vigilance to award promotions than towards monitoring my accounts for fraud. Shouldn’t be my job frankly.

  • This could be a disaster

  • I wonder when will the next victim be announced.

  • It looks like your personal info will never be safe again… breaches everywhere

  • Thank you so much for the details and how to track the breach!!!

  • Bill from Maine says:

    How much worse can it get for Marriott this year? Marriott/SPG program integration problems, redemption devaluations, continual tweaks of member benefits downward and now this. Maybe they’ll throw a few perks out to try to win some of the customers back. I personally haven’t stayed at a Marriott property since the program’s merged back in August.

  • Yet another reason to switch business away from Marriott. A four year hack that wasn’t discovered until the other day is absolutely mind blowing.

  • What, to me, at least, is amazing is that Marriott has not reached out to its customers. If they discovered this in September, they certainly have had the time to at a minimum email Rewards members with some type of information. One has to wonder, what are they not telling us?

  • Scary stuff, especially the potential for identity theft…

    Travel companies really need to do better.

  • Wow,
    This is gonna be a headache.
    I gotta call my credit cards and get them changed, then change my subscriptions.
    This is not good

  • That is so scary to have our information out there. I need to check back in my records to see if I stayed in one of their hotels during that time period.

  • Logan Fisher says:

    Just wait, this one will certainly involve a class action lawsuit just like it did when Target was compromised.

  • I certainly fall into that group that was affected by the breach. Thanks for the overview of the issue. I will be signing up for the Webwatcher tool.

  • Lillian Dikovitsky says:

    I am glad that Award Wallet notifies me of changes to my points. I hate all of these data breaches.

  • The least the group can do RIGHT NOW is to award its loyalty program members some bonus points.

  • You can assume you information is out ther,e and thus there is now a need to mitigate (as oppose to prevent) risk. These monitoring services are good for the consumer from a cost benefit basis (a they are free for victims) but are not really proactive or remediationary in nature. It is a “protect yourself” environment. Look at changing all passwords that are the same as your Marriott one, but dont’t stop there. Be alert and assume you have been compromised and begin that remediation protocol. Why dd it take 5 years to discover?

  • This is so annoying…now I need to update my credit card info and also watch for any suspicious activities.
    Thanks for the post though.

  • This seems to be getting pretty common and affecting multiple companies that should have strategies in place to protect data more proactively. Several airlines have had recent breaches notably British Airways a few months ago.

  • This has to be one of the largest breaches in the points and miles world. I’m probably going to close out all the cards i’ve used with spg. I understand how fraud on credit cards can be reported you are usually not liable but what if someone ends up stealing your points ? Is there any protection against that ?

  • Definitely not good news from Marriott.

  • This is horrible! Data breaching happens so often these days. Hackers can be “Big Brother” if they wish…

  • I guess, after 1 year, nothing can possibly be done with the information. Call any possibly affected credit cards to get a new number.

  • That’s bad:-(

  • Thank you for keeping us informed and providing tools to help us protect ourselves!

  • Has anyone on here seen their SPG personal profile data been compromised?

  • Sounds like there’s no reason to do anything until you get an email that you are an affected guest.

  • Lots of data breaches across the travel industry, it’s very worrying that our personal info is at risk.

  • Has anyone on here discovered that their personal SPG personal data been compromised?

  • This is what scares me about all these great signups. Will my data be protected? It seems no one is immune anymore, and I have to take the next step precautions (passwords, keeping track of what goes where, and so on) to stay safe.

  • This is really, really scary. And I am concerned this is happening elsewhere and the data base owners are just unaware of the situation.

  • On the other hand, it might be a good time to buy some Marriott stock during this data breach hiccup to get some shares on sale.
    It’s not like their hotels are bad places to stay.

  • That can’t be good…

  • This story keeps happening with different companies, unfortunately.

  • Well this makes one a nervous Nellie. At least we know now and can keep an eye on things. Thank goodness we have AwardWallet! I love getting the alerts when something changes in an account that I have watched.

    I can’t imagine the annoyances that people will have to go through if they have been compromised. ugh. I feel for them!

  • In my opinion acting after years it mean they didn’t catch the intrusions.
    Fortunately I’m not affected (but I have been affected by the British Airways date breach).
    Both data breach are quite dangerous with a lot of data taken and sell in the dark web.

  • Horrible news!

  • Very disturbing that passport numbers are part of the breach…

  • This is ridiculous and should no longer continue to happen. The simple truth is that most large organizations just consider the limited financial and regulatory consequences of these breaches less expensive than hardening their systems and as such is just the cost of doing business.

  • whoa- nothing is safe online huh?

  • Big deal, credit monitoring. Companies need to be more responsible. How do things like this go on for years undetected??? It just shouldn’t happen

  • I have signed up for WebWatcher, thanks for providing the link!

  • This is like the third data breach email I’ve received this week from various companies. At this point, I’m fairly sure there is not much new to steal from my account. Though the passport number bit is new.

Leave a Reply

Your email address will not be published. Required fields are marked *

**You may receive 5 bonus AAdvantage miles for leaving a comment (Details/FAQ)