At this point it sure seems like major breaches with travel brands are a common occurrence. The latest company to be impacted by one of these is Marriott.
Marriott is investigating a data security incident involving the Starwood guest reservation system. On November 19, 2018, the investigation determined that there was unauthorized access to the database, which contained guest information relating to reservations on or before September 10, 2018.
With this investigation, Marriott learned that there had been unauthorized access to the Starwood network going back as far as 2014. An unauthorized party had copied and encrypted information.
Marriott believes that this contains information for up to approximately 500 million guests who made a reservation at a Starwood property. For about 327 million of those guests, the information included some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
For others, this also included payment card numbers and payment card expiration dates.
Marriott’s CEO had the following to say:
“We deeply regret this incident happened. We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.
Today, Marriott is reaffirming our commitment to our guests around the world. We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call center. We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”
Maybe I’m too passive about this stuff, but I don’t put much thought into these data breaches. I feel like if I did, I’d spend 24/7 paranoid, given how much information we give out to various companies on a day-by-day basis. Short of moving to a deserted island and cutting off contact with the outside world (which doesn’t seem great given that I blog for a living), I feel like I’ll be exposed to this stuff no matter what.
So I choose not to think about, and in the event that I do ever have issues with a credit card stolen, my identity stolen, etc., I’ll deal with it as need be. I’d rather it be annoying to deal with for a short period of time, than this be something I constantly think about my entire life.
The beauty of credit cards is that you have fraud protection, so in the event that your information is compromised, you’re typically not on the hook. And I’m not too worried about any hackers figuring out my SPG profile preferences otherwise.
So yeah, obviously this isn’t great, but every time I hear about one of these I just kinda go ¯\_(ツ)_/¯.
What’s your take on these data breaches? Immediate panic, or just “it is what it is?”