Update 3/13/19: Results of checking if your data was stolen are now being sent out. Hat tip to reader Dan W
Back on November 30th, 2018 Marriott revealed that SPG reservation systems were breached with ~500 million guests data stolen (since downgraded to 383 million unique guests), some of this information included payment and passport data. Months later it’s now possible to find out if your data was stolen or not (technically Marriott was supposed to already inform you but in some cases contact details are either incomplete or inaccurate).
I have a few issues with how Marriott is handling this:
- The process is being completed by security firm OneTrust, as such the actual form is not on the Marriott/SPG website. Marriott really shouldn’t be encouraging customers to enter this level of sensitive information on a third party website.
- The breach was first reported in November of last year, why has this process taken so long?
- I don’t think Marriott has been pro-active enough in informing customers. In some cases there is incomplete information but it’s still accurate (e.g the e-mail might be inaccurate but the phone number works)
It’s also worth pointing out that the checker isn’t instant, you’ll need to wait for a response. Personally there is no way I’m giving potentially even more sensitive data to a third party to check if my data was breached.
Hat tip to Tech Crunch
