Just recently it turns out that about half a million SPG accounts were compromised few weeks ago.
Marriott CEO said this’ :-
“We deeply regret this incident happened. We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.
Today, Marriott is reaffirming our commitment to our guests around the world. We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call center. We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”
Being a cyber Security professional – I understand what a nightmare this can turn into. I request all users to change their passwords to at least reset some of the encryption keys. Please check your credit card statements to check if there is no unauthorized transaction on the card as that is likely the intent to do the same. Most cyber sleuths withdraw small amounts from a different account to avoid any traceability back to them.
It is clear that Marriott IT team is not good enough. We already know what a horror story the migration has been for most people.
Marriott is investigating a data security incident involving the Starwood guest reservation system. On November 19, 2018, the investigation determined that there was unauthorized access to the database, which contained guest information relating to reservations on or before September 10, 2018.
With this investigation, Marriott learned that there had been unauthorized access to the Starwood network going back as far as 2014. An unauthorized party had copied and encrypted information.
Marriott believes that this contains information for up to approximately 500 million guests who made a reservation at a Starwood property. For about 327 million of those guests, the information included some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.