vz-risk / VCDB

VERIS Community Database

Marriott: Data on 500 Million Guests Stolen in 4-Year Breach #12614

Closed swidup closed 5 years ago

swidup commented 5 years ago

https://krebsonsecurity.com/2018/11/marriott-data-on-500-million-guests-stolen-in-4-year-breach/

swidup commented 5 years ago

https://www.newsweek.com/marriott-hack-massive-data-leak-hits-500-million-customers-hotel-breached-1238449

swidup commented 5 years ago

https://viewfromthewing.boardingarea.com/2018/11/30/massive-marriott-data-breach-500-million-bookings-many-with-payment-and-passport-data/

data types

swidup commented 5 years ago

https://www.zdnet.com/article/marriott-sued-hours-after-announcing-data-breach/

http://www.staradvertiser.com/2018/12/01/breaking-news/national-class-action-lawsuit-filed-over-marriott-data-breach/

"IOI_individual_lawsuit": "Yes", "IOI_class_action_lawsuit": "Yes",

swidup commented 5 years ago

https://www.washingtonpost.com/business/2018/12/04/marriott-will-pay-new-passports-after-data-breach-if-fraud-has-taken-place/?utm_term=.bdaa459d1bc9

"IOI_other_monetary_impact_amt": "", "IOI_other_monetary_impact_notes": "Cost of passport replacement, if we get an amount."

swidup commented 5 years ago

https://techcrunch.com/2018/12/03/marriott-data-breach-response-risk-phishing/

"IOI_poor_IR_handling": "Yes", "IOI_poor_IR_Description": "Sent customers to a phishing site instead of the correct site to sign up for credit monitoring",

swidup commented 5 years ago

https://mobilesyrup.com/2018/12/07/marriott-sends-notice-to-canadians-of-data-breach/

"IOI_multiple_domestic_juris_affected": "Yes",
"IOI_international_juris_affected": "Yes",

swidup commented 5 years ago

https://domainnamewire.com/2018/12/13/marriotts-poor-choice-of-domain-for-email-notification/

"IOI_poor_IR_handling": "Yes", "IOI_poor_IR_Description": "Company chose to send breach notice from email-marriott.com, not marriott.com, leading to poor deliverability.",

To add insult to injury, Marriott tried to take a page out of Equifax's book of poor incident response: "Marriott is offering all breach victims a one-year, prepaid subscription to WebWatcher, a fraud-monitoring service offered by risk consultancy Kroll. But the lawsuit contends that the terms and conditions for using WebWatcher mandate that disputes go to mandatory arbitration and that by signing up, consumers forfeit their rights to jury trials or class actions. In other words, from a legal-rights perspective, the service would hardly appear to be 'free.'

From the complaint: 'Marriott engaged in an underhanded attempt to induce putative class members to waive and limit their legal rights, creating both uncertainty about whether to accept the WebWatcher product and whether they were still permitted to pursue legal claims in court through a class action vehicle,' the plaintiffs allege. 'The net result of this conduct is dissuading consumers from taking all steps to vindicate their rights.'"

swidup commented 5 years ago

https://thehill.com/policy/technology/420929-china-behind-marriott-data-breach-investigators-conclude

China blamed

https://www.npr.org/2018/12/12/675983642/chinese-hackers-are-responsible-for-marriott-data-breach-reports-say

swidup commented 5 years ago

https://www.washingtonpost.com/technology/2019/01/04/marriott-hackers-accessed-more-than-million-passport-numbers-during-novembers-massive-data-breach/?utm_term=.87ecbddf3ea0

swidup commented 5 years ago

https://securityboulevard.com/2019/01/marriott-lowers-estimate-of-customers-affected-by-breach-to-383-million-says-8-6-million-encrypted-payment-cards-involved/