Marriott announced Friday that their reservation database for Starwood hotels has been breached by hackers, leaving almost 500 million user’s personal information exposed. Learn what happened in Marriott’s Starwood breach, how to determine if your information has been compromised and other important next steps.
The Marriott’s Starwood data breach
- Hackers illegally accessed Marriott’s Starwood Hotels reservation database. Marriott purchased the Starwood hotel brand in 2016, though it appears this breach has been taking place since 2014. Only Starwood brand information has been compromised.
- An internal security tool detected the breach on September 8. Upon further investigation, they discovered the length of time the attack has taken place.
- Starwood hotels include : Westin, Sheraton, The Luxury Collection, Four Points by Sheraton, W, St. Regis, Le Meridien, Tribute Portfolio, Design Hotels, Four Points, Aloft, Element.
- It is the second biggest corporate data breach in history. The first involving Yahoo last year, with over 3 billion accounts being compromised.
What information has been exposed
- For 327 million people, the information breached includes names, phone numbers, email addresses, passport numbers and date of birth. It also includes trip arrival and departure information.
- For some, credit card information and card expiration dates were compromised. There was encryption on this information, though Marriott is unsure if that encryption could have been breached as well.
- This leaves an estimated 500 million people vulnerable to having their identities stolen. It can then later be used to open bank accounts, credit cards and even loans in their name.
What to do if you think you might be a victim
- Visit Marriott’s website about the breach. Contact them directly through the call center listed on the site or read additional information about the breach.
- Keep an eye on your email. Marriott has begun sending out notification emails to those that have been compromised. These roll-out emails begin Friday, November 30.
- Marriott will provide guests with free WebWatcher enrollment. Free of charge for one year, it will monitor if your personal information is being used online without your permission.
Additional ways to protect yourself
If you’re concerned that you may be a victim, or just freaked out in general, here are a few actionable items you can start doing today:
- Start changing your password on your Marriott Starwood accounts regularly. This is the first line of defense to keeping hackers out. Make sure your new password has at least 12 characters, tricky to guess, and doesn’t include any information that can be gleaned from your online profiles, like your birthday or home address.
- Monitor your accounts for suspicious activity. Keep an eye on your Starwood Preferred Guest account for any suspicious activity. Also check your bank, retirement, brokerage accounts, and credit card statements for anything unusual.
- Freeze your credit. Keep anyone from taking out credit cards or loans in your name by freezing all credit.
- Open a separate credit card for online transactions only. Make it easier to track transactions and spot fraudulent activity by using one dedicated credit card for online transactions. If compromised, you won’t have to change additional bills or utilities billing information, reducing additional stress and headache.
- Be aware of anything fishy in the future. It’s not new that we should be vigilant with our actions online or on the phone. ‘Phishing’ schemes usually include people trying to access additional information from you or your computer with bogus emails, fake links, and fraudulent websites. Marriott has said they will not call or email you asking for your profile or password information. Do not provide this information if requested online or on the phone, as they are likely trying to steal additional personal information.