A man booked a room with someone else’s Marriott Bonvoy points. The member received the confirmation email from Marriott, contacted the police, and that man was arrested on the spot in Naples, Florida!
The Marriott Bonvoy member actually called to cancel the booking and change their account login information. But Marriott – which has been on a knife’s edge over security issues after a data breach exposed 500 million reservations along with some payment and passport information – appears not to have acted.
The next day the guests checked into the still active booking at the Residence Inn Naples. So the program member called Naples, Florida police who actually responded. That wouldn’t have happened in my home town of Austin.
- Six (!) police officers responded
- It turned out that the people in the hotel – a man and woman in their twenties along with a baby – made the reservation in the program member’s name and called the property to add themselves to the booking.
- According to the man staying in the room, the reservation was ‘made by a friend of his’ but he… couldn’t remember the friend’s name.
- He was actually arrested, and both the man and woman were banned from the property.
On Thursday 04/27/2023 at approximately 1300 hours Sgt Perez #262, Det Martinez #274, M/Ofc Collins #227, M/Ofc Perry #224, Ofc Granese #291 and Ofc Blomquist #321 responded to a call for a fraud located at 4075 9th St N (The Residence Inn).
The initial call was made by J**** ****** who going forward will be referred to as the victim. The victim stated she had received an email on Wednesday 04/26/2023 at approximately 1200 hours (est) stating her personal identification information had been stolen including her Marriott rewards account information. The victim further stated she had received an email from the Residence Inn confirming a reservation that she had not booked using her rewards account. The victim called the business and thought to have cancelled the reservation and changed the log in for the account but when she woke up this morning and checked her email at approximately 1230 hours( est) she had a notification stating that someone had checked into the Residence Inn using her account info. Email was sent at approximately 0415 hours( est) on Thursday 04/27/2023. The victim was emailed a blank sworn statement to be completed and expressed to Ofc Blomquist that she wanted to pursue prosecution.
The man had previously been charged with 6 felonies and 9 misdemeanors in the same county – and had only just been release from jail two months earlier.
It’s rare that loyalty fraud is addressed so quickly. Occasionally airline passengers are met at the gate, though the worst that happens in that case is almost always that tickets are cancelled. An arrest on the scene is almost unheard of. It just so happened the program member was vigilant with their account (one thing I love about checking Award Wallet daily is seeing balance changes in all of my accounts – refusing to work with Award Wallet is actually bad for account security) and the hotel stay happened to occur in a jurisdiction where the police would respond.
As an infosec expert I find your claim suspect. What is the evidence or basis that refusing to work with Award Wallet is bad for account security? For starters, a loyalty program that opens up to Award Wallet is taking the risk of opening a point of access to a ton of user data. Do you have any sort of incentive to promote Award Wallet?
It is far easier for a trustee to wastefully spend money then kill the old person by sending them to hospice and say that the old person is “agitated” and needs sedation. Some hospices will agree to give a lot of sedation so the person is too sleepy to eat or drink and dies. The trustee can then spend more money on themselves and also get an inheritance, if that is what the trust agreement says.
@UA GS: Gary’s basis, which should be as obvious as it is unconvincing, is that a single repository of current account information will encourage daily checking so that missing points will be found faster
@derek: Sit tight and someone will be along with your medication soon.
Mugshots or it didn’t happen.
@debit is that you or is it really your twin @derek?
It’s like stealing cash or a credit card so why not. Just hope the arrest amounts to something.
I have a second home in Naples and have to say that Naples/Collier County are incredibly well run and dont mess around. Dumbest place to commit fraud/ID theft for the perps here. Come to LA or SF where you can basically shake down anyone without consequence (I live in LA 95% of the time BTW).
Did the police make their end-of-the-month arrest quota?
Anyway, thanks for the weird story; saves me from perusing the tabloids.
Wow, great that the police responded, but sad that Marriott did absolutely nothing when called about this.
You don’t need daily checking, you need a system that e-mails about all transactions, including anything that changes your e-mail. Same thing as we have with address changes on financial accounts–you get a letter to both the old and new addresses.
And they need to prosecute for this sort of thing more–when I first read it my thought was that that was nuts. However, if the only thing that happens is you get denied why wouldn’t they try it?
Sad and disappointing. Why wasn’t Bonvoy Marriott required to tell all members about the Security Info breech?
I’ve had this happen at least twice in cities outside where I live. Called the hotels, they just told me they’d cancel the bookings, notify the fraud dept, and to change the password.
No further proactive action was taken despite this and no news afterwards. Thankfully I did not lose any points, but I’d be lying if that was a satisfactory outcome.
This actually happened to me this weekend. Someone booked a hotel using my points. It was very difficult to get to a phone number to get assistance with cancelling the booking and returning my points.
The perps messed up; had they reserved that room at a Marriott in SF, Chicago or New York City, they would still be in “their” room, enjoying free room service and unwilling to ever check out – knowing that nobody will do a thing about it.
I live in Naples and recently had my AAdvanatge account compromised with hundreds of thousands of miles used for fraudulent bookings
AA corporate security was great about helping, but in order to get my miles redeposited, I needed a police report from Naples PD.
I called the office and within 10 minutes an officer was at my door to handle the report. Couldn’t have been nicer and more helpful although we had to laugh about the situation.
Long story short, Naples PD doesn’t mess around and I love living in this awesome town!
I don’t know why @BigTee is making light of this story? Points have value and so they are indeed someone’s “property”! You don’t want police to help you if your property is being stolen? You only have to look at the overly lenient laws in most major cities (all blue!) to see what happens when the law looks or is forced to look the other way.
Big Tee likes criminals and hates police – hence his comment