500 Million Users Exposed by Marriott

2018 has been the year of the hack. The problem, so was 2017, 2016, and so on… Marriott International has announced that they have had what could be the second largest data leak in history. They are saying that they are responsible for a data breach that leaked some 500 million records over a five-year span.

The hotel chain, which includes all St. Regis, Westin, Sheraton, and W Hotel properties, were all managed by Marriott International’s Starwood reservation system. This system has been compromised since 2014, the multinational hotel conglomerate announced at the end of November. This gave hackers five years to cherry pick names, phone numbers, email addresses, passport numbers, dates of birth, and arrival and departure information for nearly 327 million people. In some cases, credit card numbers and expiration dates were compromised.

Even though it has been a rough few years for corporations of all types, this breach is larger than the 2017 breach of Equifax and only smaller than the 2013 breach of Yahoo that affected some three billion users. Unlike those other companies, Marriott International came clean right as they found out instead of sitting on the information like Equifax and Yahoo did.

How Can You Protect Yourself?
Marriott began rolling out the notification emails to impacted customers on the Friday after the hack was discovered and has established a call center and notification website that has been updated frequently (last entry was December 22). The company seems to be operating with the assumption that every Starwood’s customer has been impacted in some way. Additionally, the company is offering enrollment in the identity monitoring service WebWatcher for one year to anyone that thinks he/she may have been impacted. This service will alert you if your likeness is found online, including on the dark web. To protect yourself further, you’ll want to:

• Monitor Your Accounts - If you think you’ve been exposed in this attack, you should monitor your Starwood Preferred Guest account as well as your credit report. You can sign up for the available credit monitoring services, but if you are diligently checking your credit regularly, paying someone else to check it is less effective.
• Change Your Password - All Marriott guests should change their passwords immediately and select usernames and passwords that aren’t obvious. Instead of an easy-to-guess passphrase, use four unrelated words with numbers, characters, and a mix of upper and lowercase letters. Also, don’t use the same password for multiple services.
• Limit Access to Information - Only share what you have to share in order to get the products and services that you are purchasing. Any additional information is just a bonus for hackers and scammers if they are able to get their hands on it.
• Open an Account Just for Online Purchases - It may seem to be a pain to juggle accounts but utilizing a credit card specifically for online shopping and reservations is a good way to mitigate your exposure to major hacks like this one.

Following these four best practices will go a long way toward protecting yourself against further damage. If you have been the victim of a data breach in the past, you know that you need to be diligent about ensuring your personal information is protected.

For more information about the best practices to keep your data and information safe, return to our blog regularly.