A warning to my MRI friends. HEI Hotels, which operates 20 hotels throughout the US under different brands, including Marriott, announced that credit card users may have had their personal information compromised at all of their properties between December 2015 - June 2016 (although the dates vary by hotel). The Marriott properties involved include: Boca Raton Marriott, Dallas Forth Worth Marriott Hotel & Golf Club, Renaissance San Diego Downtown, San Diego Marriott La Jolla. If you stayed at one of these properties recently check your credit card statements carefully. For more information, go to the HEI Hotels & Resorts website.
Thanks for posting the info.
I've made my living in IT and I can't help but think that we may have let this whole Internet thing get away from us. It had (and has) such wonderful possibilities that we just dove in head first and now we're finding out that we should have down a better job in things like security first. No way to get the genie back in the bottle but we'd better get to fixing the bottle.
I heard some (I won't use the name I want to use) on TV saying we should have Internet voting. Yeah, right. If we had Internet voting Julian Assange would get 53 trillion votes for President of the US and lose to Vladimir Putin and Nikola Tesla.
Security is not sexy, and like testing, is easy to cut money from its budget with no immediate aftermath. A lot of corps use the Ford Pinto logic-- cheaper to pay for breaches after the fact, toss a year of 'ID protection' to some affected users, and look appropriately apologetic.
Hospitality is notoriously awful in IT, and that includes their security, and unlike many other verticals, hoteliers keep your card on file until after you've checked out and any bill backs can be accomplished without the need of card after your departure.
They are also relatively soft targets, and when hackers figure out how to aim for certain large REITS rather than peice meal hotels, this will be a much more common occurrence.
The industry has not been incentivised for better stewardship of your data, and their rickety systems were not originally designed to withstand continued concentrated attacks by knowledgeable people.
Here's the fuller list, which crosses multiple brands, service levels, and geographic locations. I've also included the dates affected.
NOTE: Some of these properties were affected a long time ago, in relative terms, back to 2015.
PROPERTY ADDRESS DATES AFFECTED
Boca Raton Marriott at Boca Center 5150 Town center Cir., Boca Raton, FL 33486 3/1/2015 - 6/7/2015 and 12/15/2015 - 4/11/2016
Dallas Fort Worth Marriott Hotel & Golf Club 3300 championship Pkwy., Fort worth, TX 76177 12/26/2015 - 4/28/2016
Equinox Resort Golf Resort & Spa 3567 Main st., Manchester Village, VT 05254 12/23/2015 - 5/4/2016
Hotel Chicago Downtown 333 N. Dearborn st., Chicago, IL 60654 12/26/2015- 4/27/2016
Hyatt Centric Santa Barbara 1111 E. Cabrillo Blvd, Santa Barbara, CA 93101 12/26/2016- 6/21/2016
Intercontinental Tampa Bay 4860 W. Kennedy alvd., Tampa, FL 33609 3/21/2016- 6/15/2016
Le Meridien Arlington 1121 19th st. N., Arlington, VA 22209 12/23/2015 - 4/28/2016
Le Meridien San Francisco 333 Battery St., San Francisco, CA 94111 3/1/2015 - 6/7/2015 and 12/2/2015 - 6/8/2016
Renaissance San Diego Downtown Hotel 421 W. a st., san Diego, CA 92101 12/26/2015 - 5/2/2016
Royal Palm South Beach Miami 1545 Collins Ave., Miami Beach, FL 33139 12/23/2015 - 6/6/2016
San Diego Marriott La Jolla 4240 La Jolla Village Dr., La Jolla, CA 92037 12/26/2015- 5/2/2016
Sheraton Music City Hotel 777 McGavock Pike, Nashville, TN 37214 3/1/2015 - 6/8/2016
Sheraton Pentagon City 900 S. Orme st., Arlington, VA 22204 3/3/2015 - 6/7/2015 and 12/2/2015 - 6/13/2016
The Hotel Minneapolis Autograph Collection 215 4th st. south, Minneapolis, MN 55401 3/1/2015 - 4/27/2016
The Westin Minneapolis 88 south 6th st., Minneapolis, MN 55402 9/2/2015 - 6/17/2016
The Westin Pasadena 191 N. Los Robles Ave., Pasadena, CA 91101 3/3/201 s -5/18/2016
The Westin Philadelphia 99 S. 17th st., Philadelphia, PA 19103 3/10/2016 - 6/6/2016
The Westin Snowmass Resort 100 Elbert Lane, Snowmass Village, CO 8161S 12/26/2015 - 4/10/2016
The Westin Washington, D.C. City Center 1400 M st NW, Washington, DC 20005 11/15/2015 - 5/28/2016
Westin Fort Lauderdale 400 Corporate Dr, Fort Lauderdale, FL 33334 1/29/2016 - 4/13/2016
Be nice if the USA like most other countries in the world instated the "embedded chip" CC system with a password protection. Giving your CC away and having it come back for a signature is sooo old school and who knows what happens to it when it's out of your sight. It's starting to change over, but ever so slowly....
Fortunately, have not stayed at any of these, but for me, all the more reason to use a Marriott Visa Signature credit card, issued by Chase Bank, and with more secure chip for credit access.
Also, I use an identity theft service, which monitors my credit cards and bank account, and most importantly, my social security account, and the service costs me $11/month. I've subscribed to this even though most credit card users, and personal bank accounts, are usually covered by the government and banks for breaches in security.
For additional security, I've set up "Alerts" on each of my credit cards for a variety of charges (domestically and foreign), and I contact the credit card host company before I leave for foreign country, or plan to experience unusual charges.
I also change my Marriott access and credit card passwords frequently, all of which requires a bit of extra bookkeeping!
.....maybe I'm being overly cautious, or perhaps: "better safe than sorry"?
Hi Insiders. Wanted to help put some minds at ease and share the following statement:
One of our franchise management companies, HEI Hotels & Resorts (“HEI”), became aware of a security incident possibly affecting the personal information of some customers who made payment card purchases at point-of-sale terminals, such as food and beverage outlets, at certain HEI managed properties, including some Marriott-branded hotels. They have informed us that they have taken the appropriate steps to address the matter. Because the suspected breach did not impact any systems that Marriott owns or controls, we do not have additional information to provide. Since this impacts customers of Marriott properties, we want to provide assurance that Marriott has a long-standing commitment to protect the privacy of the personal information that our guests entrust to us, and we will continue to stay in close communication with HEI as they resolve this matter.