PogoWasRight.org

Menu
  • About
  • Privacy
Menu

Marriott now lets you check if you’re a victim of the Starwood hack, but you may have to wait… and wait… and wait…. to get a response

Posted on February 16, 2019June 25, 2025 by Dissent

Zack Whittaker reports:

Hotel chain giant Marriott will now let you check if you’re a victim of the Starwood hack.

The company confirmed to TechCrunch that it has put in place “a mechanism to enable guests to look up individual passport numbers to see if they were included in the set of unencrypted passport numbers.” That follows a statement last month from the company confirming that five million unencrypted passport numbers were stolen in the data breach last year.

The checker, hosted by security firm OneTrust, will ask for some personal information, like your name, email address, as well as the last six-digits of your passport number.

Read more on TechCrunch.

Note that you do not have to input your passport info –  that’s merely recommended.  You do need to input your first and last name,  email address, and town, state, country, and zip code.

I tried the form using two different email addresses.  After each submission, I was told to check my email for a confirmation email link that I would need to click to confirm.  It’s two hours later, and I haven’t received any emails asking me to confirm my request. Zack had reported, “The checker won’t kick back a result straight away — you’ll have to wait for a response — and Marriott doesn’t say how long that’ll take.”  I didn’t anticipate that even the confirmation email might take a long time.

Surely this part could have been handled more promptly???

Update:  More than 30 hours later, I (finally) received the emails asking me to click a link to confirm my request.  On clicking the link, I got the confirmation of request promptly.

Update of March 12:  Today, I received the results of my inquiries.

No related posts.

Category: BreachesBusiness

Post navigation

← After you spit into a tube for a DNA test like 23andMe, experts say you shouldn’t assume your data will stay private forever
A Status Report on the California Consumer Privacy Act →

Now more than ever

Search

Contact Me

Email: info@pogowasright.org

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

Categories

Recent Posts

  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure

RSS Recent Posts on DataBreaches.net

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
©2025 PogoWasRight.org. All rights reserved.
Menu
  • About
  • Privacy