On Friday Marriott International Inc. announced that over the last few years their Starwood properties have been exposing sensitive information of hundreds of millions of their customers. It is believed that the details of nearly 500 million Marriott customers have been accessed by cyber criminals. The leaked data include hotel visitor’s information such as name, passport number, mailing address, gender, phone number, email address, date of birth, and reservation dates. Marriot highlighted that some of the leaked information also includes payment card numbers and payment card expiration dates. The incident will remain in history as one of the largest data braches ever.
Starwood, the largest hotel chain in the world, has more than 1,200 locations across the globe and includes brands such as Westin, Sheraton, The Luxury Collection, Four Points by Sheraton, W Hotels, St. Regis, Le Méridien, Aloft. Element, Tribute Portfolio, and Design Hotels.
Marriott said that on Nov 19th, the company received a confirmation that there has been unauthorized access to Starwood’s guest reservation database. The loophole in the database might have been active since 2014 before it was discovered in September 2018. It is currently unknown who is behind the attack and if the stolen data has ever been publicly up for sale on the Dark Web. There is no evidence showing if the attack was state-driven or has been led by money-hungry hackers.
Marriott is currently sending emails on a rolling basis to all emails found in the leaked database. They offer free one-year identity-theft protection to everyone who might have been affected by the breach. The hotel-chain is cooperating with the authorities and opened a hotline for concerned customers.
What to do if you’ve been affected?
First and foremost, you may want to consider taking advantage of the free identity-theft protection service offered by Marriott. The next thing you should do is to go through your bank statements and look for suspicious activity. If you notice something out of the ordinary, call your card issuer and discuss your concerns with them. They might be able to help you. Most banks would be happy to overnight you a card replacement.
Then you might want to keep an eye on your credit score and even consider freezing your accounts with all major credit bureaus – Equifax, Experian, and TransUnion. If you are not planning on using your credit score for purchase anytime soon, freezing your accounts is strongly suggested. This is a great way to try to prevent hackers from taking advantage of the stolen data.
If you do not have anti-virus software on all your connected devices, you must consider it. Data breaches often do not give away everything needed by fraudsters wanting to steal your identity or hard-earned cash, so they target you and look for other ways to paint the full picture. Having quality antivirus software on all your smart devices would prevent hackers from finding the missing pieces they need to gain complete control of your identity. Don’t make it easy for them and install anti-virus software on all your smart devices.
Last but not least, you may consider joining one of the multiple class-action lawsuits that started popping after the news broke on Friday. Two people from Oregon filed a lawsuit against the hotel chain hours after Marriott announced the news. Their lawsuit was followed by another one coming from a law firm based in Maryland. Expect more class-action suits to be filed in the next months.
The data breach suffered by Marriott will remain in history as one of the most significant hacks to date. While the Yahoo data breach from 2013-2014 is still topping the list – roughly 3 billion people were affected – Marriott’s breach certainly makes the top five list of largest data breaches in the world. And it may end up being the costliest breach ever as Marriott’s incident was announced months after GDPR came into play which may lead to a hefty fine for the hospitality chain.