Marriott Finally Responded to My Data Breach Information Request

25 days after I submitted my request to Marriott to find out how much of my personal information was stolen during their massive data breach, I finally have an answer. Here’s what Marriott had to say:

Dear Edward Pizzarello,

We are in receipt of your inquiry regarding whether your personal data was involved in the recent

Starwood Guest Reservation Database security incident.

Based on the information you provided to us, we believe that your information was involved.

Following our analysis, we believe that the following information about you was involved in the

incident:

Name

Company Name

Address Information

Primary Email Address

Primary Phone Number

Other Phone Information

Encrypted Passport Number

Starwood Preferred Guest (SPG) Number

Starwood Preferred Guest (SPG) Loyalty Status and Balances

Guest Frequent Traveler Program Information

Starwood Executive Traveler Number

Guest Opt-In Preferences

Email Communication Preferences

Reservation Details

Central Starwood Unique Record Locator

Returning Guest Indicator (Y/N)

Employed at Starwood (Y/N)

Record History Information

Where available in your country/region, Marriott is offering affected guests the opportunity to

enroll in a personal information monitoring service free of charge for one year. More information

about this service can be found at info.starwoodhotels.com.

If you have further questions or requests regarding this information, please contact us through this

portal. You will continue to have access to this request for the next 30 days.

Thank you.

Marriott Privacy Center

The Final Two Pennies

The initial process to inquire about the status of your personal data with Marriott was a questionable one.  The website to submit a request wasn’t even Marriott’s.  For those that were nervous about completing the process, it at least seems legitimate based on my experience.  That being said, it’s unclear what I can do now that I have the information.

It would seem my data breach wasn’t as bad as some of my fellow bloggers.  View From The Wing had his unencrypted passport number stolen as well as credit card data. Still, Marriott’s handling of this continues to disappoint me.  25 days to reveal this information? At the point they were ready to spin up the website to tell people whether their information was stolen, they should have been ready to fulfill those requests in a timely manner. 25 days is far beyond reasonable.

Gary noted that Marriott hasn’t offered up any sort of compensation, including loyalty points for those affected. My first impression when I read that was I wasn’t expecting Marriott to give people compensation.  However, the more I think about it, the more it seems reasonable. There have been plenty of disappointments throughout the merger, yet Marriott still expects the same level of loyalty from their customers.  Marriott believes if they tell us something that’s false (but sounds believable), they’ve done enough.

Marriott’s CEO apologized recently, but just for the data breach. He didn’t apologize for the unannounced changes in policy that negatively impacted their customers. Nor did he apologize for how long it’s taken to tell customers if they’re affected.  Loyal Marriott customers deserve better.  They really do.

Did you enjoy this post?  Please share it! There’s plenty of ways to do that below.

You can also follow me on Twitter, Facebook and Instagram. 

And, I hope you’ll check out my podcast, Miles To Go.  We cover the latest travel news, tips and tricks every week so you can save money while you travel better.  From Disney to Dubai, San Francisco to Sydney, American Airlines to WestJet, we’ve got you covered!