Marriott Bonvoy has released some new information about the SPG data breach …
Marriott Bonvoy made headlines in November. The acquired brand SPG lost quite a lot of data: Marriott / SPG lose 500 million customer records
The story has been followed up since then. It affects “only” 383 million guests. The exact extent of the data breach cannot be determined, however. 9 million credit card records and 25 million passport numbers have certainly ended up somewhere:
“The initial announcement we made on November 30, 2018, about the Starwood guest reservation database security incident stated that there may have been information on up to 500 million guests involved. We also reported that for approximately 327 million of these guests, the information included some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, communication preferences, and encrypted payment card numbers.
When we made this announcement, our work analyzing the data involved was underway. Since that time, we have been working to remove duplicate information and to determine how many records had particular types of data present.
After further data analysis we have identified approximately 383 million records as the upper boundary for the total number of guest records that were involved in the incident. This does not, however, mean that information about 383 million unique guests was involved, as in many instances, there appear to be multiple records for the same guest. We concluded with a fair degree of certainty that information for fewer than 383 million unique guests was involved, although the company is not able to quantify that lower number because of the nature of the data in the database.
Allowing for the fact that even the most exhaustive investigation cannot necessarily provide complete certainty, Marriott now believes the following about the data involved in the incident:
There were approximately 8.6 million unique payment card numbers, all of which were encrypted;
There were approximately 5.25 million unique unencrypted passport numbers and approximately 20.3 million encrypted passport numbers.”
Starwood Guest Reservation Database Security Incident: https://answers.kroll.com
A verification page
A verification page has been set up. What looks like a honeypot joke site is apparently really the page for checking whether you are affected.
The description:
“On November 30, 2018, Marriott announced that it had taken measures to investigate and address a data security incident involving the Starwood Guest Reservation Database. More information about the incident can be found by visiting info.starwoodhotels.com.
Marriott has set up a process for guests wanting to know whether their data was involved in the incident. To make a request regarding whether your data was involved, please complete the form below. Marriott will respond to your request as soon as reasonably practicable and consistent with applicable law.”
Marriott Bonvoy Data Breach Promo Page: https://privacyportal-cdn.onetrust.com/dsarwebform/0894cd2c-85ba-4d0b-8ec1-e18f3735e0e0/5626bb0f-e894-4197-8083-b9f5cfda6662.html
Unfortunately, no email announcing the verification page was ever sent. The verification page looks like a fake. Can customer trust really be won back this way?
A page hosted on some external subdomain where you are supposed to enter your next batch of data xDDD That can only be a bad joke. Spending a few more marks on a competent IT department would seem urgently advisable after a stunt like this.
At least it links to Kroll, and there you get this: Free Web Monitoring Enrollment
Unfortunately not for Switzerland or Austria, though :/ “This will be provided by Experian, a global data and information service provider. This service (IdentityWorks℠ Global Internet Surveillance) is available to residents of Australia, Brazil, Germany, Hong Kong SAR China, India, Ireland, Italy, Mexico, New Zealand, Poland, Singapore, Spain and the Netherlands.”
Just click Germany ;-)
But my account is in AT.