Story image

Marriott sets up call centres to answer questions on data breach

17 Dec 2018

Marriott has released an update on the breach of the Starwood guest reservation data breach which affected 500 million guests.

When investigating the incident, Marriott learned that there had been unauthorised access to the Starwood network since 2014.

It discovered that an unauthorised party had copied and encrypted information, and took steps towards removing it.

On November 19, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.

The breach, reported on December 3, included some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.

Dedicated call centre

Marriott has set up a dedicated website and call centre to answer its customers’ questions about their personal information and the data breach.

The call centre is available in multiple languages and Marriott warned that they would be likely to experience high call volumes initially.

Email notification

Marriott also reported that it began sending emails on a rolling basis on November 30 to affected guests whose email addresses are in the Starwood guest reservation database.

Free identity monitoring

In certain countries and regions, Marriott is offering affected guests the opportunity to enrol in a personal information monitoring service free of charge for one year.

This will be provided by Experian, a global data and information service provider.

This service (IdentityWorks Global Internet Surveillance) is available to residents of Australia, Brazil, Germany, Hong Kong, India, Ireland, Italy, Mexico, New Zealand, Poland, Singapore, Spain and the Netherlands.

IdentityWorks Global Internet Surveillance monitors whether a user’s personal data is available on public websites, chat rooms, blogs, and non-public places on the internet where data can be compromised, such as "dark web" sites, and generates an alert to if evidence of their personal information is found.

This is an optional service, and how much information users want to include in the identity monitoring is completely at their discretion.

Starwood properties impacted include:

  • Westin
  • Sheraton
  • The Luxury Collection
  • Four Points by Sheraton
  • W Hotels
  • St. Regis
  • Le Méridien
  • Aloft
  • Element
  • Tribute Portfolio
  • Design Hotels 

At the time of the disclosure, Marriott president and chief executive officer Arne Sorenson said, “We deeply regret this incident happened.”

“We fell short of what our guests deserve and what we expect of ourselves. 

“We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.