25 days after I submitted my request to Marriott to find out how much of my personal information was stolen during their massive data breach, I finally have an answer. Here’s what Marriott had to say:
Dear Edward Pizzarello,
We are in receipt of your inquiry regarding whether your personal data was involved in the recent
Starwood Guest Reservation Database security incident.
Based on the information you provided to us, we believe that your information was involved.
Following our analysis, we believe that the following information about you was involved in the
Primary Email Address
Primary Phone Number
Other Phone Information
Encrypted Passport Number
Starwood Preferred Guest (SPG) Number
Starwood Preferred Guest (SPG) Loyalty Status and Balances
Guest Frequent Traveler Program Information
Starwood Executive Traveler Number
Guest Opt-In Preferences
Email Communication Preferences
Central Starwood Unique Record Locator
Returning Guest Indicator (Y/N)
Employed at Starwood (Y/N)
Record History Information
Where available in your country/region, Marriott is offering affected guests the opportunity to
enroll in a personal information monitoring service free of charge for one year. More information
about this service can be found at info.starwoodhotels.com.
If you have further questions or requests regarding this information, please contact us through this
portal. You will continue to have access to this request for the next 30 days.
Marriott Privacy Center
The Final Two Pennies
The initial process to inquire about the status of your personal data with Marriott was a questionable one. The website to submit a request wasn’t even Marriott’s. For those that were nervous about completing the process, it at least seems legitimate based on my experience. That being said, it’s unclear what I can do now that I have the information.
It would seem my data breach wasn’t as bad as some of my fellow bloggers. View From The Wing had his unencrypted passport number stolen as well as credit card data. Still, Marriott’s handling of this continues to disappoint me. 25 days to reveal this information? At the point they were ready to spin up the website to tell people whether their information was stolen, they should have been ready to fulfill those requests in a timely manner. 25 days is far beyond reasonable.
Gary noted that Marriott hasn’t offered up any sort of compensation, including loyalty points for those affected. My first impression when I read that was I wasn’t expecting Marriott to give people compensation. However, the more I think about it, the more it seems reasonable. There have been plenty of disappointments throughout the merger, yet Marriott still expects the same level of loyalty from their customers. Marriott believes if they tell us something that’s false (but sounds believable), they’ve done enough.
Marriott’s CEO apologized recently, but just for the data breach. He didn’t apologize for the unannounced changes in policy that negatively impacted their customers. Nor did he apologize for how long it’s taken to tell customers if they’re affected. Loyal Marriott customers deserve better. They really do.
Did you enjoy this post? Please share it! There’s plenty of ways to do that below.
And, I hope you’ll check out my podcast, Miles To Go. We cover the latest travel news, tips and tricks every week so you can save money while you travel better. From Disney to Dubai, San Francisco to Sydney, American Airlines to WestJet, we’ve got you covered!