Hospitality has been hit again. This time, if it isn’t the largest data breach on record, it is certainly right up toward the top. Marriott International announced this week that information of guests reaching up to 500 million was exposed in a breach of the Starwood properties guest reservation system. And it wasn’t just a short-term breach…the intruders may have been lurking around since 2014.
Unfortunately, it affects more than guests who actually stayed. It affects anyone who made a reservation from 2014 up to September 8, 2018. Information that was exposed includes pretty much anything you’d give to a property to make a reservation: Names, dates of stay, payment card information, address, email address, loyalty card number, password, passport numbers if provided, and any information stored in the loyalty program database that includes birthdate, gender, and stay preferences.
So what can you do if you were included in that massive group of victims?
- Monitor payment card charges diligently for at least the next year. If you see anything amiss, contact the financial institution right away and get it resolved.
- Change your account password for your Starwood loyalty program account. Since Marriott recently acquired Starwood and their loyalty programs were merged, you should consider changing your Marriott loyalty account password too.
- Keep an eye your loyalty club account. There have been instances when intruders steal your award points and exchange them for free nights on you, gift cards, or other awards.
- Sign up for the free services Marriott is offering. They are providing one year of services from WebWatcher to affected guests. This service monitors internet sites for shared personal information and alerts the customer if any is found. In addition, Marriott will provide fraud consultation and reimbursement at no charge.
- Report your passport as stolen and get a new one. You can go to the State Department website for information on how to do this. It can be reported online, via mail, or by phone.
- Watch for targeted phishing attacks using information contained in this group of details. The more specific information included, the more likely you will click on a link or attachment in an email. If you are not expecting a link or attachment, or even if you are, be 100% sure it’s safe before you click it. Hover the mouse pointer over it to make sure it’s going where you expect it to or hold down on it for more than 3 seconds if you’re on a mobile device. If it’s a “phishy” looking link, don’t click it.
- If you are changing any details in your account, go directly to the Starwood or Marriott site and log into your account. Don’t click links that request personal information.
Now that the cat’s out of the bag on this, you may receive all kinds of messages using information from this breach. Use extreme caution when responding to any of them and don’t “reply” to the emails. Instead, get the phone number off Starwood’s website or contact them some other way not using information in any email, just to be on the safer side.
If you have additional questions, there is a dedicated call center set up for this incident. Marriott is sending email letters out to those affected on a rolling basis starting November 30.
Starwood properties include W Hotels, St. Regis, Westin, Element Hotels, Aloft, Sheraton, The Luxury Collection, Le Méridien, Four Points by Sheraton, Design Hotels, Tribute, and timeshares branded as Starwood.
© Copyright 2018 Stickley on Security Inc.
Stay informed about current security, scams and phishing, and mobile security news daily on BND’s Security and Fraud page.