Marriott Data Breach: What You Need to Know
posted Nov 30, 2018 by Daniel M. Andrea, CPA, CITP, CISA in the Business Blog
Have you stayed at a Marriott hotel chain in recent years? You may have been impacted by a massive data breach that exposed the personal information of close to 500 million guests. Here’s what you should do if this applies to you.
Who is affected?
According to the Marriott International hotel chain, the database of its Starwood reservation system was hacked and 500 million guests (dating back to 2014) could be impacted. Personal details that were leaked include names, addresses, birthdays, passport numbers, email addresses and phone numbers.
If you made reservations for Starwood Hotel brands from 2014 to September of this year…there are some steps you should take to protect yourself!
Starwood properties include: Sheraton, Westin, W Hotels, St. Regis, Four Points, Aloft, Meridien, Tribute, Design Hotels, Elements and the Luxury Collection.
Marriott has not finished identifying who has been affected, but they have started emailing impacted users and they have also set up a website with information concerning the breach.
What you should do now
- Change your password- Changing your on-line passwords regularly and using different passwords for different websites is KEY. Instead of a common phrase, consider choosing a combination of unrelated words with numbers, characters and a mix of upper and lower case letters.
- Check your accounts for any suspicious activity- Most major credit card services post transactions for your viewing daily. Get in the habit of visiting these accounts daily.
- Considering placing a credit freeze on your files. While this won’t prevent a criminal from making charges to your existing accounts, this makes it harder for someone to open a new account in your name.
- Be vigilant against third parties attempting to gather information by "phishing" and other forms of deception. Beware of click through links to fake websites. Note that Marriott will never ask you to provide your password by phone or email.
What steps has Marriott taken to help guests monitor/protect their information?
Marriott is offering the following services:
- Dedicated call center- You can direct any questions you may have about this incident to a dedicated call center, which is open seven days a week and available in multiple languages. The numbers are available on the right hand section of this page under “Call Center Information.”
- Email notification- Beginning November 30th, 2018, Marriott has been sending out emails on a rolling bases to affected guests whose email addresses are in the Starwood database.
- Free WebWatcher enrollment- Marriott is offering guests the opportunity to enroll in WebWatcher for one year, free of charge. WebWatcher monitors internet sites where personal information is found. U.S. users who complete the WebWatcher enrollment process will also be provided fraud consultation services and reimbursement coverage free of charge. You can begin the enrollment process here.
Questions on the Marriott breach? Reach out to me or any member of our Information Security Services Group.