Wednesday, December 5, 2018

What You Need to Know About the Marriott Data Breach

Since the end of last week, you may have heard about the data breach involving the Marriott International Starwood guest reservation database. Yesterday, the Federal Trade Commission released an alert to provide affected users with recommended actions.

Here is what you need to know:
  • The information exposed includes names, addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, Starwood loyalty program account information, and reservation information of as many as 500 million customers. Payment information may have been exposed as well - while this data was encrypted, it is unclear whether intruders gained the ability to decrypt it.
  • The breach began in 2014 and anyone who made a reservation at a Starwood property on or before September 10, 2018 could be affected. Starwood brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Le Méridien Hotels & Resorts, and other hotel and timeshare properties.
  •  Marriott set up an informational website, https://answers.kroll.com, and a call center, 877-273-9481, to answer questions. Affected customers can sign up for free monitoring services. 

What does this mean for you?

There are some steps you can take in addition to using monitoring services.
  • Review bank statements and credit card statements regularly.
  • Review your credit reports and consider placing a fraud alert or credit freeze on your files.
  • Assume that your Marriott account password was compromised and change your password as well as similar passwords on all other online accounts.
  • Proactively check if you have been affected since the Starwood brand spans multiple hotel chains.
  • Scammers often take advantage of situations like this by posing as the company and emailing affected customers fake links. The safest way to check if you have been affected by the breach is accessing the website directly. Remember, Marriott will never ask you to provide your password via phone or email.

Did you know - December is National Identity Theft Prevention and Awareness Month! Learn more about identity theft at https://www.identitytheft.gov