Marriott has announced that at the end of February 2020 they identified that information of up to 5.2 million guests was accessed by login credentials of two employees at a franchise property. They suspect this activity started in mid January 2020. The following information may have been involved:
- contact details (e.g., name, mailing address, email address, and phone number)
- loyalty account information (e.g., account number and points balance, but not passwords)
- additional personal details (e.g., company, gender, and birthday day and month)
- partnerships and affiliations (e.g., linked airline loyalty programs and numbers)
- preferences (e.g., stay/room preferences and language preference)
Marriott has sent out an e-mail to potentially affected customers and will be providing them with IdentityWorks credit monitoring. In late 2018 Marriott announced that SPG reservation systems were breached and 500 million customers were affected. It’s troubling that individual employees have access to this level of information and were presumably able to export that information undetected for more than a month. This shows why we need tougher penalties for data breaches, otherwise they will simply be considered a cost of doing business.
So I got an email from Marriott that they locked my account because someone used my points to make a reservation from my account but under a different name. I was asked to call the 800# and they wanted me to email them my Driver’s Licence.
I am willing to provide them with the DL but only if they let me securely upload it (and not email it.) I think Marriott does not care about my information security. The 800# was not helpful. They don’t even know which postal address to send this to. Do you have an email address that I can escalate this issue with? Do you know which government regulatory agency (similar to CFPB for banks) regulates Marriott? I want to file a complaint that gets the attention of the higher-ups. If they have a formal audit process they should have a formal process for me to share my information without the chance of having it compromised in the process.
Data stuff now and next up hackers remote flipping all the switches and water faucets just to mess with your room.
Can you please post the subject line of the email being sent Marriott?
Got it this morning.
“Notice from Marriott International”
If Marriott could find a way to give its members Coronavirus, it would. #bonvoyed
I’m considering dissolving my relationship with Marriott. They aren’t secure enough. Already got rid of any points I had left before their last major devaluation. Haven’t bothered to book any clients with them in a long time (way before the nations went into lockdown mode).
File claims under the CA personal Privacy laws. Also file requests for data — it’s illegal for them not to comply within a fixed period of time. Use the crisis to punish them — seems cruel but think about how little shits they give about their customers
Bonvoy again!!!
This and then with them charging the stupid ‘resort fees’ at 99% of properties… what’s next?
Probably more devaluation of points to have less liabilities on their books.
Perhaps this explains why I get several scam calls per week claiming to be from Marriott.
Good excuse to lay off more people.