Massive Marriott Data Breach Exposes Personal Information of Up to 500 Million Guests

By |2018-11-30T21:45:36+00:00November 30th, 2018|

Marriott International, one of the largest hotel chains in the world, today revealed its discovery of a massive data breach that exposed the personal information of up to 500 million guests. The data breach leaves Marriott guests vulnerable to account fraud, identity theft, and other criminal activities.

Marriott says an unauthorized party has been accessing information from the Starwood guest reservation database since 2014. The database contains information about anyone who has made a reservation with a Starwood property, including Westin, Sheraton, The Luxury Collection, St. Regis and other hotels.

The unauthorized party copied, encrypted, and attempted to remove guest information directly from the database. Stolen information may include account details, name, home address, birth date, passport number, gender, travel itineraries, reservation data, and communication settings. For some, the stolen data may also include encrypted payment card information, though Marriott has not been able to determine if the hackers have the components needed to access payment details.

Signs of the data breach were first discovered September 8, 2018, and Marriott conducted an internal investigation to determine the extent of the damage. With 500 million users affected, this is one of the biggest data breaches in history. What’s also notable is the length of time the breach went unnoticed, with hackers accessing data since 2014.

The identity of the hackers is currently unknown. Stolen information could be used for identity theft, account fraud, or even international espionage. While Social Security numbers were not taken (since hotels don’t typically require that information), the stolen information can easily help criminals commit identity theft.

What You Can Do to Protect Your Credit

Marriott is offering guests a free one-year enrollment with a basic service that monitors the internet for consumers’ personal information. In most circumstances this service may not be enough and cannot prevent identity theft or undo any damage caused.

Taking proactive measures is always the best approach to staying protected and giving you the best chance to act on anything suspicious if something happens. Here are a few steps you can take to put your mind at ease:

  • Monitor and review your credit report regularly: Some of the first indications your personal information has been compromised will be evident on your credit report. Often the first line of defense is just to review and monitor your credit report from all 3 credit bureaus. It’s important to remember that not all the credit bureaus report the same information so monitoring all 3 gives you a complete view of your credit profile. Full suite identity theft protection and credit monitoring services like our Secure Max package can watch your credit report and notify you whenever something changes. On top of that, the service monitors dark web and internet sites for personal information that may have been compromised. With SecureMax you also get up to $1Million in Identity Theft Insurance.
  • Freeze your credit reports: putting a freeze on your credit reports with all three major credit bureaus – Experian, Equifax, and TransUnion – will prevent thieves from opening lines of credit in your name. You’ll just need to temporarily lift the freeze in the future when you submit a legitimate application for credit. This doesn’t prevent identity theft that already occurred.
  • Watch your accounts: Marriott hasn’t ruled out the possibility of hackers obtaining usable payment information. Pay close attention to your bank accounts and credit cards – especially those you used to book travel with Starwood properties. You’ll want to report any fraudulent charges you find right away.

As the list of major data breaches continues to grow, protecting your personal information and monitoring your credit becomes increasingly important. Take steps to protect yourself – you can’t rely on businesses, no matter how well intentioned, to effectively do it for you.