Briefing
|
- Massive Data Breach – Hotel operator Marriott announced on November 30, 2018 that it identified a data breach in its system, affecting 500 million customers, one of largest of all time, behind Yahoo's 2013 e-mail hack
- Breach Identification – Internal data security tool first alerted company of attempt to access Starwood guest reservation database in U.S.
- Investigation Results – Further investigation by leading security experts revealed unauthorized access of database since 2014, with hackers copying and encrypting information from database, and attempting to delete it
- Affected Data – Include name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (SPG) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences, with some including payment card numbers and payment card expiration dates
- Actions Taken – Company has notified law enforcement and regulatory authorities, dedicated a website and call center for inquiries, e-mailed guests about breach, and offered free WebWatcher service, which can alert customers if their data appears in hacker marketplaces
- Class Action Lawsuit – Law firm Morgan & Morgan filed class action lawsuit against Marriott in Maryland on November 30, 2018 for “negligence, breach of confidence, and deceptive and unfair trade practices”
|