On Friday Marriott International Inc. announced that over the last few years their Starwood properties have been exposing sensitive information of hundreds of millions of their customers. It is believed that the details of nearly 500 million Marriott customers have been accessed by cyber criminals. The leaked data include hotel visitor’s information such as name, passport number, mailing address, gender, phone number, email address, date of birth, and reservation dates. Marriot highlighted that some of the leaked information also includes payment card numbers and payment card expiration dates. The incident will remain in history as one of the largest data braches ever.
Starwood, the largest hotel chain in the world, has more than 1,200 locations across the globe and includes brands such as Westin, Sheraton, The Luxury Collection, Four Points by Sheraton, W Hotels, St. Regis, Le MĂ©ridien, Aloft. Element, Tribute Portfolio, and Design Hotels.
Marriott said that on Nov 19th, the company received a confirmation that there has been unauthorized access to Starwood’s guest reservation database. The loophole in the database might have been active since 2014 before it was discovered in September 2018. It is currently unknown who is behind the attack and if the stolen data has ever been publicly up for sale on the Dark Web. There is no evidence showing if the attack was state-driven or has been led by money-hungry hackers.
Marriott is currently sending emails on a rolling basis to all emails found in the leaked database. They offer free one-year identity-theft protection to everyone who might have been affected by the breach. The hotel-chain is cooperating with the authorities and opened a hotline for concerned customers.
What to do if you’ve been affected?
First and foremost, you may want to consider taking advantage of the free identity-theft protection service offered by Marriott. The next thing you should do is to go through your bank statements and look for suspicious activity. If you notice something out of the ordinary, call your card issuer and discuss your concerns with them. They might be able to help you. Most banks would be happy to overnight you a card replacement.
Then you might want to keep an eye on your credit score and even consider freezing your accounts with all major credit bureaus – Equifax, Experian, and TransUnion. If you are not planning on using your credit score for purchase anytime soon, freezing your accounts is strongly suggested. This is a great way to try to prevent hackers from taking advantage of the stolen data.
If you do not have anti-virus software on all your connected devices, you must consider it. Data breaches often do not give away everything needed by fraudsters wanting to steal your identity or hard-earned cash, so they target you and look for other ways to paint the full picture. Having quality antivirus software on all your smart devices would prevent hackers from finding the missing pieces they need to gain complete control of your identity. Don’t make it easy for them and install anti-virus software on all your smart devices.
Last but not least, you may consider joining one of the multiple class-action lawsuits that started popping after the news broke on Friday. Two people from Oregon filed a lawsuit against the hotel chain hours after Marriott announced the news. Their lawsuit was followed by another one coming from a law firm based in Maryland. Expect more class-action suits to be filed in the next months.
The data breach suffered by Marriott will remain in history as one of the most significant hacks to date. While the Yahoo data breach from 2013-2014 is still topping the list – roughly 3 billion people were affected – Marriott’s breach certainly makes the top five list of largest data breaches in the world. And it may end up being the costliest breach ever as Marriott’s incident was announced months after GDPR came into play which may lead to a hefty fine for the hospitality chain.
10 comments
Haven’t been to the Marriott in years.
Hi Janice,
We are happy to know your personal data is safe from this data breach.
Thanks for reading us!
Kind regards,
Panda Security.
Never stayed at starwood..stayed at courtyards and 1 faifield inn. But i found this information very informative and will kerp an eye on my bank accounts..thank you Panda Security.
Hi Jon,
We are glad to know your personal information is safe and that you found our article interesting.
Kind regards,
Panda Security.
Posso leggere informazioni se scrite in Italiano!..
Ciao, puoi leggere il nostro blog in italiano a questo indirizzo: https://www.pandasecurity.com/it/mediacenter
Grazie per aver scritto!
Je suis très satisfait d’avoir Panda comme protecteur après tous ce qui ce passe dans le monde .
Merci Panda
Kadda
Bonjour Kadda,
Merci beaucoup de votre message! Nous sommes contents de vous avoir comme client.
Bien cordialement,
Panda Security.
NĂŁo sou cliente do hotel, entretanto, nesse perĂodo estava hospedado em outros hoteis, e verifiquei uma alteração nos icones da area de trabalho, os quais mudaram de posição ( ocupam tradicionalmente o lado esquerdo da tela mas agora estĂŁo no direito).
Nas buscas por solução , todos apontam da possibilidade de ter sido produzido por um virus, que pode ter tentado furtar dados.
portanto solicito, ajuda Panda
I am not a customer of the hotel, however, during this period I was staying in other hotels, and I noticed a change in the icons of the work area, which changed their position (traditionally occupy the left side of the screen but now they are on the right).
In search for solution, everyone points to the possibility of being produced by a virus, which may have attempted to steal data.
therefore I request Panda help
OlĂ Geraldo,
Como dissemos no artigo, recomendamos que vocĂŞ altere as senhas, verifique as contas bancárias em busca de movimentos nĂŁo autorizados e, acima de tudo, use o bom senso e sempre proteja seus dispositivos com proteção antivĂrus.
Atenciosamente,
Panda Security.