Marriott Breach Alert

What Happened?

On Friday, November 30, 2018, hospitality giant Marriott International announced that hackers had breached its Starwood guest reservation system. Starwood oversees at least 11 hotel brands under the Marriott umbrella, including W Hotels, Regis, Sheraton Hotels & Resorts, and Westin Hotels & Resorts.

After being alerted to suspicious activity in September 2018, security investigators learned that the system had been compromised as far back as 2014. It’s estimated that hackers made off with information on approximately 500 million guests. For 327 million of those guests, the information included names, physical and email addresses, dates of birth, phone numbers, gender, passport numbers, Starwood rewards information, travel details, and communication preferences. Some portion of those 500 million also had their payment card numbers and expiration dates compromised. While the card information was encrypted, it is unclear whether the thieves were able to access enough information to decrypt the numbers.

The Fallout

Within hours of announcing the breach, Marriott was hit with multiple class-action lawsuits seeking over $12 billion in damages. This is just one of the costs of a data breach that companies need to worry about.

The hotelier’s stock prices saw an immediate drop as well. Marriott shares dropped 8.7 percent after making the announcement.

Additionally, the company is facing investigation from numerous government bodies around the globe who have the power to levy devastating fines.

Should I Be Worried?

If you’ve stayed at a Marriott or Starwood property in the past four years, you’re automatically at an increased risk of identity theft or fraud. It takes just two pieces of Personally Identifiable Information (PII) for a criminal to commit synthetic identity theft. And, 1 in 3 data breach victims later experience an identity crime.

3 Tips to Protect Yourself

  1. Avoid clicking on suspicious links or attachments. After a mega breach like Marriott’s, cybercriminals capitalize on the headline news to trick people into turning over private information with phishing scams and spoof websites that look legitimate.
  2. Change your passwords. If you have a Starwood or Marriott rewards account, be sure to change your password. And, if you’ve used that password on any other website, change it there too.
  3. Closely monitor your accounts. Stay vigilant and monitor your personal and financial accounts; act immediately by contacting any financial institutions or credit agencies if you notice any suspicious activity.