Massive data breach at Marriott; up to 500 million people affected

AP story; AFAIK it’s still developing so new details may be added or emerge later.

I don’t understand why there isn’t a law stating that a company must pay $1000 to each person whose data gets stolen.

Seems like the lack of security these companies employ would immediately become better when being faced with $500 billion in fines.

The General Data Protection Regulation (GDPR) in the EU provides for fines of up to 4% of an enterprise’s global revenue if the enterprise has a breach that’s the result of negligence. That gets a lot of people’s attention.

Man, the numbers get more staggering every time this happens. 500 million people. Jaysus.

Eh, boss?

Can that number really be right? I’ve never even heard of Starwood Hotels and half a billion unique individuals have stayed there?

ETA: oh, I see Starwood comprises a number of brands including Westin and Sheraton. Still seems like an awful lot of guests.

Plus those are mostly high-end hotels, which makes their customers into more valuable targets.

I heard on TV this morning that they have set up a website and phone number to attempt to help the potential victims. I am one of their customers and it would be helpful to know precise details about what information was taken and when. I don’t expect them to be that forthcoming, however.

I was a Marriott Rewards Member who was “upgraded” to Starwood’s “Preferred Guest” program, so it’s possible my records might be part of the breach. No email from them yet. I guess they’ll offer a year of credit monitoring…oh boy, thanks a lot.

Glad whenever I stay in a hotel it’s a Marriot Residence Inn!

There is no way that figure can be accurate. 15% of the **entire world **has stayed at a Starwood branded hotel (but not including any Marriotts?) I doubt it. My guess is that is not unique guests, but includes all repeat customers.

This is a good reminder of why everyone should lock their credit with all the agencies.

Yep-Nothing makes a company more secure than bankrupting it into oblivion.

That’s the only way the number makes any kind of sense to me.

First, it is hard as hell to secure a network. Impossible even. Causes me some sleepless nights worrying.

Second, hopefully my wife doesn’t get a hold of my history! :slight_smile:

Does the breach include movie-rental data? Asking for a friend.

The AP has updated the article I linked in the OP:

They stole data for four years before anyone noticed. So yeah, prolly is actually 500 million people, or near enough.

See, I assumed as much. I actually assumed all their historical guest data, so not just the past four years, but for as long as they’ve been storing data. So that makes it even more unlikely to me. 15% of the world has stayed at one of these hotels in the past four years? Really? I mean, I have a comfortable middle class lifestyle, and I’ve never stayed at one of those; I’m certain my parents have never stayed at one of those. It just doesn’t seem at all plausible to me. Half a billion unique guests? Really?

Not necessarily. The way it reads it can also be taken to mean hackers got into the system which had four years worth of guest’s info, maybe they started using a new system in 2014?

Note that Marriott is a separate (still secure (for now)) system. It’s only the Starwood program.

I use Marriott a lot, but I don’t think I’ve used my Starwood program this century.

Why not? About 7.5% of the US (by numbers) visits Las Vegas every year. In four years, that would be nearly 172 million people, and that’s just in this one city with a little under 150,000 hotel rooms.

How many rooms do you think Starwood has worldwide, with all those brands?

There are 339,000 Starwood hotel rooms worldwide:

500,000,000/(4*365) = 342,465

Numbers indicate to me that they stole the room records, records of who stayed in each of their rooms for four straight years.